diff --git a/README.md b/README.md
index 0650738a2..ef8c1782a 100644
--- a/README.md
+++ b/README.md
@@ -499,18 +499,19 @@ list( load_balancers = list( object({ - name = string # Name of the load balancer - type = string # Can be public or private - listener_port = number # Port for front end listener - listener_protocol = string # Protocol for listener. Can be `tcp`, `http`, or `https` - connection_limit = number # Connection limit - algorithm = string # Back end Pool algorithm can only be `round_robin`, `weighted_round_robin`, or `least_connections`. - protocol = string # Back End Pool Protocol can only be `http`, `https`, or `tcp` - health_delay = number # Health delay for back end pool - health_retries = number # Health retries for back end pool - health_timeout = number # Health timeout for back end pool - health_type = string # Load Balancer Pool Health Check Type can only be `http`, `https`, or `tcp`. - pool_member_port = string # Listener port + name = string # Name of the load balancer + type = string # Can be public or private + listener_port = number # Port for front end listener + listener_protocol = string # Protocol for listener. Can be `tcp`, `http`, or `https` + connection_limit = number # Connection limit + algorithm = string # Back end Pool algorithm can only be `round_robin`, `weighted_round_robin`, or `least_connections`. + protocol = string # Back End Pool Protocol can only be `http`, `https`, or `tcp` + health_delay = number # Health delay for back end pool + health_retries = number # Health retries for back end pool + health_timeout = number # Health timeout for back end pool + health_type = string # Load Balancer Pool Health Check Type can only be `http`, `https`, or `tcp`. + pool_member_port = string # Listener port + idle_connection_timeout = optional(number) # The idle connection timeout of the listener in seconds. ############################################################################## # A security group can optionally be created and attached to each load 
@@ -905,7 +906,7 @@ module "cluster_pattern" { | [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance |
list(| n/a | yes | | [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Create transit gateway | `bool` | `true` | no | | [f5\_template\_data](#input\_f5\_template\_data) | Data for all f5 templates |
object({
name = string
use_data = optional(bool)
resource_group = string
plan = optional(string)
random_suffix = optional(bool) # Use a random suffix for COS instance
access_tags = optional(list(string), [])
buckets = list(object({
name = string
storage_class = string
endpoint_type = string
force_delete = bool
single_site_location = optional(string)
region_location = optional(string)
cross_region_location = optional(string)
kms_key = optional(string)
access_tags = optional(list(string), [])
allowed_ip = optional(list(string))
hard_quota = optional(number)
archive_rule = optional(object({
days = number
enable = bool
rule_id = optional(string)
type = string
}))
activity_tracking = optional(object({
activity_tracker_crn = string
read_data_events = bool
write_data_events = bool
}))
metrics_monitoring = optional(object({
metrics_monitoring_crn = string
request_metrics_enabled = optional(bool)
usage_metrics_enabled = optional(bool)
}))
}))
keys = optional(
list(object({
name = string
role = string
enable_HMAC = bool
}))
)
})
)
object({|
tmos_admin_password = optional(string)
license_type = optional(string)
byol_license_basekey = optional(string)
license_host = optional(string)
license_username = optional(string)
license_password = optional(string)
license_pool = optional(string)
license_sku_keyword_1 = optional(string)
license_sku_keyword_2 = optional(string)
license_unit_of_measure = optional(string)
do_declaration_url = optional(string)
as3_declaration_url = optional(string)
ts_declaration_url = optional(string)
phone_home_url = optional(string)
template_source = optional(string)
template_version = optional(string)
app_id = optional(string)
tgactive_url = optional(string)
tgstandby_url = optional(string)
tgrefresh_url = optional(string)
})
{| no | -| [f5\_vsi](#input\_f5\_vsi) | A list describing F5 VSI workloads to create |
"license_type": "none"
}
list(| `[]` | no | +| [f5\_vsi](#input\_f5\_vsi) | A list describing F5 VSI workloads to create |
object({
name = string
vpc_name = string
primary_subnet_name = string
secondary_subnet_names = list(string)
secondary_subnet_security_group_names = list(
object({
group_name = string
interface_name = string
})
)
ssh_keys = list(string)
f5_image_name = string
machine_type = string
resource_group = optional(string)
enable_management_floating_ip = optional(bool)
enable_external_floating_ip = optional(bool)
security_groups = optional(list(string))
boot_volume_encryption_key_name = optional(string)
hostname = string
domain = string
access_tags = optional(list(string), [])
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
block_storage_volumes = optional(list(
object({
name = string
profile = string
capacity = optional(number)
iops = optional(number)
encryption_key = optional(string)
})
))
load_balancers = optional(list(
object({
name = string
type = string
listener_port = number
listener_protocol = string
connection_limit = number
algorithm = string
protocol = string
health_delay = number
health_retries = number
health_timeout = number
health_type = string
pool_member_port = string
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
})
))
})
)
list(| `[]` | no | | [iam\_account\_settings](#input\_iam\_account\_settings) | IAM Account Settings. |
object({
name = string
vpc_name = string
primary_subnet_name = string
secondary_subnet_names = list(string)
secondary_subnet_security_group_names = list(
object({
group_name = string
interface_name = string
})
)
ssh_keys = list(string)
f5_image_name = string
machine_type = string
resource_group = optional(string)
enable_management_floating_ip = optional(bool)
enable_external_floating_ip = optional(bool)
security_groups = optional(list(string))
boot_volume_encryption_key_name = optional(string)
hostname = string
domain = string
access_tags = optional(list(string), [])
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
block_storage_volumes = optional(list(
object({
name = string
profile = string
capacity = optional(number)
iops = optional(number)
encryption_key = optional(string)
})
))
load_balancers = optional(list(
object({
name = string
type = string
listener_port = number
listener_protocol = string
connection_limit = number
algorithm = string
protocol = string
health_delay = number
health_retries = number
health_timeout = number
health_type = string
pool_member_port = string
idle_connection_timeout = optional(number)
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
})
))
})
)
object({|
enable = bool
mfa = optional(string)
allowed_ip_addresses = optional(string)
include_history = optional(bool)
if_match = optional(string)
max_sessions_per_identity = optional(string)
restrict_create_service_id = optional(string)
restrict_create_platform_apikey = optional(string)
session_expiration_in_seconds = optional(string)
session_invalidation_in_seconds = optional(string)
})
{| no | | [key\_management](#input\_key\_management) | Key Protect instance variables |
"enable": false
}
object({| n/a | yes | | [network\_cidr](#input\_network\_cidr) | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | `string` | `"10.0.0.0/8"` | no | @@ -926,7 +927,7 @@ module "cluster_pattern" { | [vpc\_placement\_groups](#input\_vpc\_placement\_groups) | List of VPC placement groups to create |
name = optional(string)
resource_group = optional(string)
use_data = optional(bool)
use_hs_crypto = optional(bool)
access_tags = optional(list(string), [])
keys = optional(
list(
object({
name = string
root_key = optional(bool)
payload = optional(string)
key_ring = optional(string) # Any key_ring added will be created
force_delete = optional(bool)
existing_key_crn = optional(string) # CRN of an existing key in the same or different account.
endpoint = optional(string) # can be public or private
iv_value = optional(string) # (Optional, Forces new resource, String) Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running ibmcloud kp import-token encrypt-nonce. Only for imported root key.
encrypted_nonce = optional(string) # The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the ibmcloud kp import-token get command. Then, encrypt the value by running ibmcloud kp import-token encrypt-nonce. Only for imported root key.
policies = optional(
object({
rotation = optional(
object({
interval_month = number
})
)
dual_auth_delete = optional(
object({
enabled = bool
})
)
})
)
})
)
)
})
list(| `[]` | no | | [vpcs](#input\_vpcs) | A map describing VPCs to be created in this repo. |
object({
access_tags = optional(list(string), [])
name = string
resource_group = optional(string)
strategy = string
})
)
list(| n/a | yes | | [vpn\_gateways](#input\_vpn\_gateways) | List of VPN Gateways to create. |
object({
prefix = string # VPC prefix
resource_group = optional(string) # Name of the group where VPC will be created
access_tags = optional(list(string), [])
classic_access = optional(bool)
default_network_acl_name = optional(string)
default_security_group_name = optional(string)
clean_default_sg_acl = optional(bool, false)
default_security_group_rules = optional(
list(
object({
name = string
direction = string
remote = string
tcp = optional(
object({
port_max = optional(number)
port_min = optional(number)
})
)
udp = optional(
object({
port_max = optional(number)
port_min = optional(number)
})
)
icmp = optional(
object({
type = optional(number)
code = optional(number)
})
)
})
)
)
default_routing_table_name = optional(string)
flow_logs_bucket_name = optional(string)
address_prefixes = optional(
object({
zone-1 = optional(list(string))
zone-2 = optional(list(string))
zone-3 = optional(list(string))
})
)
network_acls = list(
object({
name = string
add_ibm_cloud_internal_rules = optional(bool)
add_vpc_connectivity_rules = optional(bool)
prepend_ibm_rules = optional(bool)
rules = list(
object({
name = string
action = string
destination = string
direction = string
source = string
tcp = optional(
object({
port_max = optional(number)
port_min = optional(number)
source_port_max = optional(number)
source_port_min = optional(number)
})
)
udp = optional(
object({
port_max = optional(number)
port_min = optional(number)
source_port_max = optional(number)
source_port_min = optional(number)
})
)
icmp = optional(
object({
type = optional(number)
code = optional(number)
})
)
})
)
})
)
use_public_gateways = object({
zone-1 = optional(bool)
zone-2 = optional(bool)
zone-3 = optional(bool)
})
subnets = object({
zone-1 = list(object({
name = string
cidr = string
public_gateway = optional(bool)
acl_name = string
}))
zone-2 = list(object({
name = string
cidr = string
public_gateway = optional(bool)
acl_name = string
}))
zone-3 = list(object({
name = string
cidr = string
public_gateway = optional(bool)
acl_name = string
}))
})
})
)
list(| n/a | yes | -| [vsi](#input\_vsi) | A list describing VSI workloads to create |
object({
name = string
vpc_name = string
subnet_name = string # Do not include prefix, use same name as in `var.subnets`
mode = optional(string)
resource_group = optional(string)
access_tags = optional(list(string), [])
})
)
list(| n/a | yes | +| [vsi](#input\_vsi) | A list describing VSI workloads to create |
object({
name = string
vpc_name = string
subnet_names = list(string)
ssh_keys = list(string)
image_name = string
machine_type = string
vsi_per_subnet = number
user_data = optional(string)
resource_group = optional(string)
enable_floating_ip = optional(bool)
security_groups = optional(list(string))
boot_volume_encryption_key_name = optional(string)
access_tags = optional(list(string), [])
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
block_storage_volumes = optional(list(
object({
name = string
profile = string
capacity = optional(number)
iops = optional(number)
encryption_key = optional(string)
})
))
load_balancers = optional(list(
object({
name = string
type = string
listener_port = number
listener_protocol = string
connection_limit = number
algorithm = string
protocol = string
health_delay = number
health_retries = number
health_timeout = number
health_type = string
pool_member_port = string
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
})
))
})
)
list(| n/a | yes | | [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, and `IngressReady` | `string` | `"IngressReady"` | no | ### Outputs
diff --git a/examples/override-example/override.json b/examples/override-example/override.json
index 183ae0731..2c9017113 100644
--- a/examples/override-example/override.json
+++ b/examples/override-example/override.json
@@ -467,7 +467,8 @@
 "health_delay": 60,
 "health_retries": 2,
 "health_timeout": 2,
- "health_type": "tcp"
+ "health_type": "tcp",
+ "idle_connection_timeout": 50
 }
 ]
 }
diff --git a/patterns/vsi-extension/variables.tf b/patterns/vsi-extension/variables.tf
index d2284578c..81f22d133 100644
--- a/patterns/vsi-extension/variables.tf
+++ b/patterns/vsi-extension/variables.tf
@@ -136,18 +136,19 @@ variable "load_balancers" {
 description = "The load balancers to add to the VSI."
 type = list(
 object({
- name = string
- type = string
- listener_port = number
- listener_protocol = string
- connection_limit = number
- algorithm = string
- protocol = string
- health_delay = number
- health_retries = number
- health_timeout = number
- health_type = string
- pool_member_port = string
+ name = string
+ type = string
+ listener_port = number
+ listener_protocol = string
+ connection_limit = number
+ algorithm = string
+ protocol = string
+ health_delay = number
+ health_retries = number
+ health_timeout = number
+ health_type = string
+ pool_member_port = string
+ idle_connection_timeout = optional(number)
 security_group = optional(
 object({
 name = string
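Review bot: The new `idle_connection_timeout = optional(number)` attribute in `variable "load_balancers"` is accepted with no range check and no inline comment, and the same holds for the `vsi` and `f5_vsi` hunks in the root `variables.tf`. An out-of-range value would therefore fail only at plan or apply time, and a very large one lets idle clients hold listener connections against `connection_limit` for longer than intended. I would add a `validation` block to each variable that accepts a null value and otherwise enforces the range the provider supports for this listener field (take the bounds from the provider documentation). The unit documented in the README should also be carried into the type, as `idle_connection_timeout = optional(number) # Idle connection timeout of the listener, in seconds`. The variable blocks start and end outside these hunks, and the resource that consumes the attribute is not in this diff, so whether the value actually reaches the listener could not be checked here.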
diff --git a/variables.tf b/variables.tf
index 02655b1e6..0fa970b59 100644
--- a/variables.tf
+++ b/variables.tf
@@ -314,18 +314,19 @@ variable "vsi" {
 ))
 load_balancers = optional(list(
 object({
- name = string
- type = string
- listener_port = number
- listener_protocol = string
- connection_limit = number
- algorithm = string
- protocol = string
- health_delay = number
- health_retries = number
- health_timeout = number
- health_type = string
- pool_member_port = string
+ name = string
+ type = string
+ listener_port = number
+ listener_protocol = string
+ connection_limit = number
+ algorithm = string
+ protocol = string
+ health_delay = number
+ health_retries = number
+ health_timeout = number
+ health_type = string
+ pool_member_port = string
+ idle_connection_timeout = optional(number)
 security_group = optional(
 object({
 name = string
@@ -1328,18 +1329,19 @@ variable "f5_vsi" {
 ))
 load_balancers = optional(list(
 object({
- name = string
- type = string
- listener_port = number
- listener_protocol = string
- connection_limit = number
- algorithm = string
- protocol = string
- health_delay = number
- health_retries = number
- health_timeout = number
- health_type = string
- pool_member_port = string
+ name = string
+ type = string
+ listener_port = number
+ listener_protocol = string
+ connection_limit = number
+ algorithm = string
+ protocol = string
+ health_delay = number
+ health_retries = number
+ health_timeout = number
+ health_type = string
+ pool_member_port = string
+ idle_connection_timeout = optional(number)
 security_group = optional(
 object({
 name = string
object({
name = string
vpc_name = string
subnet_names = list(string)
ssh_keys = list(string)
image_name = string
machine_type = string
vsi_per_subnet = number
user_data = optional(string)
resource_group = optional(string)
enable_floating_ip = optional(bool)
security_groups = optional(list(string))
boot_volume_encryption_key_name = optional(string)
access_tags = optional(list(string), [])
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
block_storage_volumes = optional(list(
object({
name = string
profile = string
capacity = optional(number)
iops = optional(number)
encryption_key = optional(string)
})
))
load_balancers = optional(list(
object({
name = string
type = string
listener_port = number
listener_protocol = string
connection_limit = number
algorithm = string
protocol = string
health_delay = number
health_retries = number
health_timeout = number
health_type = string
pool_member_port = string
idle_connection_timeout = optional(number)
security_group = optional(
object({
name = string
rules = list(
object({
name = string
direction = string
source = string
tcp = optional(
object({
port_max = number
port_min = number
})
)
udp = optional(
object({
port_max = number
port_min = number
})
)
icmp = optional(
object({
type = number
code = number
})
)
})
)
})
)
})
))
})
)