feat: increase the health check interval (#2378)

* feat: increase the health check interval * commit from ci -- ran terraform fmt and pushed * Update variables.tf * commit from ci -- ran terraform-docs and pushed * commit from ci -- ran terraform fmt and pushed --------- Co-authored-by: jakeyheath <[email protected]> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: czi-github-helper[bot] <czi-github-helper[bot]@users.noreply.github.com>
chanzuckerberg · Aug 28, 2023 · fcb0fad · fcb0fad
1 parent e4c4dbc
commit fcb0fad
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/terraform/modules/happy-ingress-eks/README.md b/terraform/modules/happy-ingress-eks/README.md
@@ -27,6 +27,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_aws_alb_healthcheck_interval_seconds"></a> [aws\_alb\_healthcheck\_interval\_seconds](#input\_aws\_alb\_healthcheck\_interval\_seconds) | The time in seconds to ping the target group for a health check; defaults to a high numbers since k8s also has a healthcheck | `string` | `"300"` | no |
 | <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | ACM certificate ARN to attach to the load balancer listener | `string` | n/a | yes |
 | <a name="input_cloud_env"></a> [cloud\_env](#input\_cloud\_env) | Typically data.terraform\_remote\_state.cloud-env.outputs | <pre>object({<br>    public_subnets : list(string),<br>    private_subnets : list(string),<br>    database_subnets : list(string),<br>    database_subnet_group : string,<br>    vpc_id : string,<br>    vpc_cidr_block : string,<br>  })</pre> | n/a | yes |
 | <a name="input_health_check_path"></a> [health\_check\_path](#input\_health\_check\_path) | path to use for health checks | `string` | `"/"` | no |

diff --git a/terraform/modules/happy-ingress-eks/main.tf b/terraform/modules/happy-ingress-eks/main.tf
@@ -1,10 +1,11 @@
 locals {
   ingress_base_annotations = {
-    "kubernetes.io/ingress.class"                    = "alb"
-    "alb.ingress.kubernetes.io/backend-protocol"     = var.target_service_scheme
-    "alb.ingress.kubernetes.io/healthcheck-path"     = var.health_check_path
-    "alb.ingress.kubernetes.io/healthcheck-protocol" = var.target_service_scheme
-    "alb.ingress.kubernetes.io/listen-ports"         = jsonencode([{ HTTPS = 443 }, { HTTP = 80 }])
+    "kubernetes.io/ingress.class"                            = "alb"
+    "alb.ingress.kubernetes.io/healthcheck-interval-seconds" = var.aws_alb_healthcheck_interval_seconds
+    "alb.ingress.kubernetes.io/backend-protocol"             = var.target_service_scheme
+    "alb.ingress.kubernetes.io/healthcheck-path"             = var.health_check_path
+    "alb.ingress.kubernetes.io/healthcheck-protocol"         = var.target_service_scheme
+    "alb.ingress.kubernetes.io/listen-ports"                 = jsonencode([{ HTTPS = 443 }, { HTTP = 80 }])
     # All ingresses are "internet-facing". If a service_type was marked "INTERNAL", it will be protected using OIDC.
     "alb.ingress.kubernetes.io/scheme"                  = "internet-facing"
     "alb.ingress.kubernetes.io/subnets"                 = join(",", var.cloud_env.public_subnets)

diff --git a/terraform/modules/happy-ingress-eks/variables.tf b/terraform/modules/happy-ingress-eks/variables.tf
@@ -108,3 +108,9 @@ variable "regional_wafv2_arn" {
   description = "A WAF to protect the EKS Ingress if needed"
   default     = null
 }
+
+variable "aws_alb_healthcheck_interval_seconds" {
+  type        = string
+  description = "The time in seconds to ping the target group for a health check; defaults to a high numbers since k8s also has a healthcheck"
+  default     = "300" // 60 * 5
+}