page_title |
---|
DigitalOcean: digitalocean_loadbalancer |
Provides a DigitalOcean Load Balancer resource. This can be used to create, modify, and delete Load Balancers.
resource "digitalocean_droplet" "web" {
name = "web-1"
size = "s-1vcpu-1gb"
image = "ubuntu-18-04-x64"
region = "nyc3"
}
resource "digitalocean_loadbalancer" "public" {
name = "loadbalancer-1"
region = "nyc3"
forwarding_rule {
entry_port = 80
entry_protocol = "http"
target_port = 80
target_protocol = "http"
}
healthcheck {
port = 22
protocol = "tcp"
}
droplet_ids = [digitalocean_droplet.web.id]
}
When managing certificates attached to the load balancer, make sure to add the create_before_destroy
lifecycle property in order to ensure the certificate is correctly updated when changed. The order of
operations will then be: Create new certificate
-> Update loadbalancer with new certificate
->
Delete old certificate
. When doing so, you must also change the name of the certificate,
as there cannot be multiple certificates with the same name in an account.
resource "digitalocean_certificate" "cert" {
name = "cert"
private_key = "file('key.pem')"
leaf_certificate = "file('cert.pem')"
lifecycle {
create_before_destroy = true
}
}
resource "digitalocean_droplet" "web" {
name = "web-1"
size = "s-1vcpu-1gb"
image = "ubuntu-18-04-x64"
region = "nyc3"
}
resource "digitalocean_loadbalancer" "public" {
name = "loadbalancer-1"
region = "nyc3"
forwarding_rule {
entry_port = 443
entry_protocol = "https"
target_port = 80
target_protocol = "http"
certificate_name = digitalocean_certificate.cert.name
}
healthcheck {
port = 22
protocol = "tcp"
}
droplet_ids = [digitalocean_droplet.web.id]
}
The following arguments are supported:
name
- (Required) The Load Balancer nameregion
- (Required) The region to start insize
- (Optional) The size of the Load Balancer. It must be eitherlb-small
,lb-medium
, orlb-large
. Defaults tolb-small
. Only one ofsize
orsize_unit
may be provided.size_unit
- (Optional) The size of the Load Balancer. It must be in the range (1, 100). Defaults to1
. Only one ofsize
orsize_unit
may be provided.algorithm
- (Optional) The load balancing algorithm used to determine which backend Droplet will be selected by a client. It must be eitherround_robin
orleast_connections
. The default value isround_robin
.forwarding_rule
- (Required) A list offorwarding_rule
to be assigned to the Load Balancer. Theforwarding_rule
block is documented below.healthcheck
- (Optional) Ahealthcheck
block to be assigned to the Load Balancer. Thehealthcheck
block is documented below. Only 1 healthcheck is allowed.sticky_sessions
- (Optional) Asticky_sessions
block to be assigned to the Load Balancer. Thesticky_sessions
block is documented below. Only 1 sticky_sessions block is allowed.redirect_http_to_https
- (Optional) A boolean value indicating whether HTTP requests to the Load Balancer on port 80 will be redirected to HTTPS on port 443. Default value isfalse
.enable_proxy_protocol
- (Optional) A boolean value indicating whether PROXY Protocol should be used to pass information from connecting client requests to the backend service. Default value isfalse
.enable_backend_keepalive
- (Optional) A boolean value indicating whether HTTP keepalive connections are maintained to target Droplets. Default value isfalse
.disable_lets_encrypt_dns_records
- (Optional) A boolean value indicating whether to disable automatic DNS record creation for Let's Encrypt certificates that are added to the load balancer. Default value isfalse
.vpc_uuid
- (Optional) The ID of the VPC where the load balancer will be located.droplet_ids
(Optional) - A list of the IDs of each droplet to be attached to the Load Balancer.droplet_tag
(Optional) - The name of a Droplet tag corresponding to Droplets to be assigned to the Load Balancer.
forwarding_rule
supports the following:
entry_protocol
- (Required) The protocol used for traffic to the Load Balancer. The possible values are:http
,https
,http2
,http3
,tcp
, orudp
.entry_port
- (Required) An integer representing the port on which the Load Balancer instance will listen.target_protocol
- (Required) The protocol used for traffic from the Load Balancer to the backend Droplets. The possible values are:http
,https
,http2
,tcp
, orudp
.target_port
- (Required) An integer representing the port on the backend Droplets to which the Load Balancer will send traffic.certificate_name
- (Optional) The unique name of the TLS certificate to be used for SSL termination.certificate_id
- (Optional) Deprecated The ID of the TLS certificate to be used for SSL termination.tls_passthrough
- (Optional) A boolean value indicating whether SSL encrypted traffic will be passed through to the backend Droplets. The default value isfalse
.
sticky_sessions
supports the following:
type
- (Required) An attribute indicating how and if requests from a client will be persistently served by the same backend Droplet. The possible values arecookies
ornone
. If not specified, the default value isnone
.cookie_name
- (Optional) The name to be used for the cookie sent to the client. This attribute is required when usingcookies
for the sticky sessions type.cookie_ttl_seconds
- (Optional) The number of seconds until the cookie set by the Load Balancer expires. This attribute is required when usingcookies
for the sticky sessions type.http_idle_timeout_seconds
- (Optional) The http idle timeout configuration in seconds. if not specified, this defaults to 60 seconds.
healthcheck
supports the following:
protocol
- (Required) The protocol used for health checks sent to the backend Droplets. The possible values arehttp
,https
ortcp
.port
- (Optional) An integer representing the port on the backend Droplets on which the health check will attempt a connection.path
- (Optional) The path on the backend Droplets to which the Load Balancer instance will send a request.check_interval_seconds
- (Optional) The number of seconds between between two consecutive health checks. If not specified, the default value is10
.response_timeout_seconds
- (Optional) The number of seconds the Load Balancer instance will wait for a response until marking a health check as failed. If not specified, the default value is5
.unhealthy_threshold
- (Optional) The number of times a health check must fail for a backend Droplet to be marked "unhealthy" and be removed from the pool. If not specified, the default value is3
.healthy_threshold
- (Optional) The number of times a health check must pass for a backend Droplet to be marked "healthy" and be re-added to the pool. If not specified, the default value is5
.
In addition to the arguments listed above, the following attributes are exported:
id
- The ID of the Load Balancerip
- The ip of the Load Balancerurn
- The uniform resource name for the Load Balancer
Load Balancers can be imported using the id
, e.g.
terraform import digitalocean_loadbalancer.myloadbalancer 4de7ac8b-495b-4884-9a69-1050c6793cd6