GoogleCloudPlatform/cloud-foundation-fabric

Improve docs for load balancers - update scenarios

Closed this issue · 5 comments

Provide docs for load balancers for update scenarios, such as:

  • change in the NEG (i.e. changing the destination)
  • rotation of the TLS certificates

And rationale behind the approach (i.e. do not introduce failures during the change)

READMEs:

@wiktorn I am new and want to contribute as an open-source contributor. I have understood issues #1972 and #2080.
As a new contributor, I am just asking for your suggestion. Should I add a proper description of how to handle a change in the NEG configuration inside the LB in this README.md file?

Also, I didn't get what the problem is with TLS certificates regarding this LB update scenario. I didn't get much information about it except from the above issues.

Hi @NayeemShaMd, thank you for your interest in this!

Yes, the idea is to update the READMEs of:

But let's take it one by one.

Regarding the actual update, I think that it's not only about NEGs, but it is the same situation with backends pointing to instance groups, URL map changes etc.

Whenever a change requires resource recreation, the proper way forward is to create a new resource (and a "path" to it), and then update the configuration so the traffic is properly routed. This then ensures minimal interruption to the application/traffic, provided that the application properly handles this "split brain" situation.

And with TLS certificates it is a very similar situation - if you now try to rotate the cert on the same Terraform resource (see here - just change the `validity_period_hours` to 1 and after 1h terraform will try to recreate `tls_self_signed_cert`), the update will fail. What you really want to do is to create a new certificate, add it to the Load Balancer, and then remove the old one.

Hope that helps.
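The add-then-remove certificate rotation described in the comment above, sketched as an added example that is not part of the original thread and is not the project's module code. It uses plain `tls` and `google` provider resources; the variable names (`cert_generations`, `url_map_id`), the resource names and the `app.example.com` subject are assumptions made for illustration.

```hcl
# Added example (not fabric module code). Each map key is one certificate
# "generation"; every key present is attached to the HTTPS proxy.
variable "cert_generations" {
  description = "Certificate generations attached to the load balancer (assumed name)."
  type        = map(object({ validity_period_hours = number }))
  default = {
    "gen-a" = { validity_period_hours = 720 } # old cert, removed in a later apply
    "gen-b" = { validity_period_hours = 720 } # new cert, added before gen-a expires
  }
}

variable "url_map_id" {
  description = "ID of an existing URL map (assumed to be managed elsewhere)."
  type        = string
}

resource "tls_private_key" "lb" {
  for_each  = var.cert_generations
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "tls_self_signed_cert" "lb" {
  for_each              = var.cert_generations
  private_key_pem       = tls_private_key.lb[each.key].private_key_pem
  validity_period_hours = each.value.validity_period_hours
  allowed_uses          = ["key_encipherment", "digital_signature", "server_auth"]
  subject {
    common_name = "app.example.com" # constructed sample value
  }
}

resource "google_compute_ssl_certificate" "lb" {
  for_each    = var.cert_generations
  name        = "lb-cert-${each.key}" # distinct name per generation, never reused
  private_key = tls_private_key.lb[each.key].private_key_pem
  certificate = tls_self_signed_cert.lb[each.key].cert_pem
  lifecycle {
    # Lifecycle setting the google provider docs use for certificates
    # that are referenced by a target proxy.
    create_before_destroy = true
  }
}

resource "google_compute_target_https_proxy" "lb" {
  name             = "lb-https-proxy"
  url_map          = var.url_map_id
  ssl_certificates = [for c in google_compute_ssl_certificate.lb : c.id]
}
```

Rotation is then two separate applies: first add the new key to `cert_generations` so the proxy serves both certificates, then delete the old key once clients have picked up the new one. The old generation has to be dropped before its `validity_period_hours` runs out, otherwise Terraform plans the in-place recreation that the comment says fails.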

@wiktorn thanks a lot for the details. I will look into it and write the documentation. Could you please assign this task to me?

ludoo commented

@wiktorn this has been idle for almost 2 months, can we close it?

@ludoo Please give me two weeks, I'll try to squeeze it somewhere.