Skip to main content

VPC Load Balancers

The NetActuate Terraform provider v2 supports both Layer 4 (network) and Layer 7 (HTTP) load balancers within a VPC. Load balancers distribute traffic across backend VMs for high availability and scaling.

Network Load Balancer (L4)

Network load balancers operate at the TCP/UDP layer. They forward connections to backend VMs based on configurable algorithms and health checks.

resource "netactuate_network_loadbalancer_group" "tcp_lb" {
  network_loadbalancer_id = netactuate_vpc.main.network_loadbalancer_id
  name                    = "web-tcp"
  ip_version              = 4
  algorithm               = "round-robin"
  match_address           = netactuate_vpc.main.bastion_ipv4

  health_check {
    enabled  = true
    method   = "Ping"
    interval = 10
    retries  = 3
    delay    = 5
    timeout  = 5
  }

  rule {
    protocol      = "TCP"
    port_match    = 80
    port_internal = 80
  }

  backend {
    name             = "web-0"
    internal_address = netactuate_server.web[0].private_ip
  }

  backend {
    name             = "web-1"
    internal_address = netactuate_server.web[1].private_ip
  }
}

Key attributes:

  • network_loadbalancer_id -- References the VPC's network load balancer (netactuate_vpc.main.network_loadbalancer_id)
  • ip_version -- IP version: 4 or 6
  • algorithm -- Load balancing method: round-robin, least-connections, locality-based-least-connections, source-hashing, or maglev-consistent-hashing
  • match_address -- The VPC address to match incoming traffic on
  • health_check -- Health monitoring with enabled, method (TCP, UDP, or Ping), interval, retries, delay, and timeout
  • rule -- Protocol (TCP or UDP), port_match (external), and port_internal (backend)
  • backend -- name and internal_address for each backend VM

HTTP Load Balancer (L7)

HTTP load balancers operate at the application layer. They support domain-based routing, SSL termination, sticky sessions, and HTTP health checks.

resource "netactuate_http_loadbalancer_group" "https_lb" {
  http_loadbalancer_id = netactuate_vpc.main.http_loadbalancer_id
  name                 = "web-https"
  algorithm            = "round-robin"
  internal_port        = 80
  match_address        = netactuate_vpc.main.bastion_ipv4
  match_ports          = "80+443"

  rule {
    match_domain           = "app.example.com"
    match_path             = "/"
    ssl_enabled            = true
    ssl_certificate_id     = netactuate_ssl_certificate.app.ssl_certificate_id
    https_redirect_enabled = true
  }

  sticky_sessions_enabled = true

  health_check_active_enabled  = true
  health_check_active_interval = 15
  health_check_active_retries  = 3
  health_check_active_delay    = 5
  health_check_active_timeout  = 5
  health_check_active_path     = "/health"

  backend {
    name             = "web-0"
    internal_address = netactuate_server.web[0].private_ip
  }

  backend {
    name             = "web-1"
    internal_address = netactuate_server.web[1].private_ip
  }
}

Key attributes:

  • http_loadbalancer_id -- References the VPC's HTTP load balancer (netactuate_vpc.main.http_loadbalancer_id)
  • algorithm -- Load balancing method: round-robin or least-connections
  • internal_port -- Port on backend VMs to forward traffic to
  • match_address -- The VPC address to match incoming traffic on
  • match_ports -- Ports to listen on: "80", "443", or "80+443"
  • rule -- Domain/path routing with match_domain, match_path, ssl_enabled, ssl_certificate_id, and https_redirect_enabled
  • sticky_sessions_enabled -- Boolean to enable session affinity
  • health_check_active_* -- Flat health check fields: enabled, interval, retries, delay, timeout, path
  • backend -- name and internal_address for each backend VM

SSL Certificates

Upload SSL certificates for HTTPS termination on HTTP load balancers:

resource "netactuate_ssl_certificate" "app" {
  name        = "app-cert"
  certificate = file("certs/app.example.com.crt")
  private_key = file("certs/app.example.com.key")
}

The resource exports ssl_certificate_id, fingerprint, domains, status, and expiration as computed attributes. Reference ssl_certificate_id in your HTTP load balancer rule configuration.

Backend Templates

Backend templates define reusable backend pools that can be shared across multiple load balancers:

resource "netactuate_vpc_backend_template" "web_pool" {
  vpc_id      = netactuate_vpc.main.id
  name        = "web-backends"
  description = "Backend pool for web servers"

  backend_host {
    name    = "web-0"
    address = netactuate_server.web[0].private_ip
  }

  backend_host {
    name    = "web-1"
    address = netactuate_server.web[1].private_ip
  }
}

Need Help?

If you need assistance with load balancer configuration, visit our support page.