Dynamic Secondary IP Lookup via Remote State
This section explains how primary and secondary exchange nginx-ingress LoadBalancer IPs through Terraform remote state.
The primary cluster dynamically discovers the secondary cluster's LoadBalancer IP using the Terraform remote state.
How it works
Primary (active) cluster:
Uses the local nginx-ingress LoadBalancer IP as the
primary_ingest_lb_ipReads the
secondary_ingest_lb_ipfrom the secondary's remote stateUses the secondary IP for DNS, and (when
use_external_health_check=true) as an additional target in the external HTTPS health check monitor
Secondary (standby) cluster:
Reads
primary_ingest_lb_ipfrom primary's remote stateUses the local nginx-ingress LoadBalancer IP as the
secondary_ingest_lb_ip
Configuration (primary tfvars)
# Secondary Remote State Configuration
secondary_remote_state_config = {
backend = "oci"
workspace = "secondary"
config = {
bucket = "your-terraform-state-bucket"
namespace = "your-namespace"
region = "us-chicago-1"
key = "env:/logscale-oci-oke"
auth = "ApiKey"
config_file_profile = "DEFAULT"
}
}Verification
# Check that secondary IP is dynamically discovered
terraform workspace select primary
terraform output secondary_ingest_lb_ip
# Should show the secondary cluster's LB IP (e.g., 163.192.105.34)
# Verify steering policy answers (should include secondary when secondary_ingest_lb_ip is known at apply time)
oci dns steering-policy get --steering-policy-id "$(terraform output -raw steering_policy_id)" \
--profile <profile> --output json \
| jq '.data.answers[] | {name: .name, rdata: .rdata, is_disabled: .is_disabled}'
# External health check mode only (use_external_health_check=true):
# Verify the single HTTPS monitor targets include both primary and secondary IPs
PRIMARY_HC_ID="$(terraform output -json primary_health_check_id | jq -r .)"
if [[ "$PRIMARY_HC_ID" != "null" ]]; then
oci health-checks http-monitor get --monitor-id "$PRIMARY_HC_ID" \
--profile <profile> --output json | jq '.data.targets'
fi