
Fix: Load balancer with multiple frontend IP addresses

Open DarcyZen opened this issue 1 year ago • 2 comments

Issue-id

PR Checklist


  • [x] I have added example(s) inside the [./examples/] folder
  • [ ] I have added the example(s) to the integration test list for normal (~30 minutes) or long runner >30 minutes
  • [ ] I have checked the coding conventions as per the wiki
  • [x] I have checked to ensure there aren't other open Pull Requests for the same update/change?

Description

Does this introduce a breaking change

  • [ ] YES
  • [x] NO

Testing

DarcyZen avatar Nov 03 '23 13:11 DarcyZen

Thanks for the PR. Just wanted to highlight that this is a breaking change, as existing configuration will not work anymore.

sschne avatar Nov 20 '23 12:11 sschne

We had the issue that if you add more public_ip_addresses, the frontend_ip_configuration can't resolve the existing ip address id anymore, resulting in cascading recreation of lb_backend_pools etc. To fix that, we remove the try() from the referencing clause.

diff --git a/modules/networking/lb/module.tf b/modules/networking/lb/module.tf
index f6e8dfe5..88265b33 100644
--- a/modules/networking/lb/module.tf
+++ b/modules/networking/lb/module.tf
@@ -26,7 +26,7 @@ resource "azurerm_lb" "lb" {
       zones                                              = can(frontend_ip_configuration.value.zones) ? frontend_ip_configuration.value.zones : try(frontend_ip_configuration.value.availability_zone, null)
       # TODO: availability_zone kept for smooth migration to 3.0
 
-      public_ip_address_id = can(frontend_ip_configuration.value.public_ip_address.id) || can(frontend_ip_configuration.value.public_ip_address.key) ? try(frontend_ip_configuration.value.public_ip_address.id, var.remote_objects.public_ip_addresses[try(frontend_ip_configuration.value.public_ip_address.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.public_ip_address.key].id) : null
+      public_ip_address_id = can(frontend_ip_configuration.value.public_ip_address.id) || can(frontend_ip_configuration.value.public_ip_address.key) ? can(frontend_ip_configuration.value.public_ip_address.id) ? frontend_ip_configuration.value.public_ip_address.id : var.remote_objects.public_ip_addresses[try(frontend_ip_configuration.value.public_ip_address.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.public_ip_address.key].id : null
       subnet_id            = can(frontend_ip_configuration.value.subnet.id) || can(frontend_ip_configuration.value.subnet.key) ? try(frontend_ip_configuration.value.subnet.id, var.remote_objects.virtual_network[try(frontend_ip_configuration.value.subnet.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.subnet.vnet_key].subnets[frontend_ip_configuration.value.subnet.key].id) : null
 
     }
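
Review bot: The subnet_id line left as context directly below the changed line still resolves its ID through try(frontend_ip_configuration.value.subnet.id, var.remote_objects.virtual_network[...]), the same pattern this hunk removes for public_ip_address_id. If the resolution problem described for public IP addresses can also occur for subnets, apply the same can(...) ? ... : ... rewrite there so both attributes behave alike; if it cannot, a short comment saying why only public_ip_address_id needed the change would help. On the + line, the nested conditional is hard to read without parentheses; wrapping the inner can(frontend_ip_configuration.value.public_ip_address.id) ? ... : ... expression in parentheses would make the grouping explicit. A one-line comment above the attribute explaining why try() is avoided here would also keep it from being reintroduced later.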

sschne avatar Nov 30 '23 11:11 sschne