ClusterDaemon/terraform-aws-ingress-nginx

Terraform resource module which manages an ingress-nginx release within AWS.

terraform-aws-ingress-nginx

Terraform resource module that deploys an "ingress-nginx" Helm chart from the "stable" repository that creates a TLS-terminated NLB oject in AWS, and provides rich output regarding that NLB. Using this pattern, a suite of applications can be exposed via a single NLB object with TLS protection managed outside of Kubernetes - no need to manage TLS secrets.

This is useful when forming route53 records or VPC endpoint services that point to such an NLB object, as this module provides strong interdependency guarantees that are needed to make such a solution function reliably.

While the included example is written for the EKS Terraform module, this module will work for any Kubernetes implementation in AWS with sufficient permissions. Details on establishing those permissions is not in the scope of this document. If in doubt, try it with EKS.

• terraform-aws-ingress-nginx
  • Dependencies
  • Resource Types
  • Features
  • Usage
  • Inputs
  • Outputs
  • Contributing
  • Change Log
  • Authors

Dependencies

Provider	Version
aws	~> 2.45
kubernetes	~> 1.11
helm	~> 1.3.0

Resource Types

• null_resource
• helm_release

Features:

• Resilient autoscaling ingress controller deployment via Nginx and Helm3.
• Vital output for resulting Kubernetes Service object.
• Vital output for resulting AWS NLB object.
• All resources optionally dependent on arbitrary input variable

Usage:

See the examples directory for complete example usage.

Calling Providers:

provider "aws" {
  region  = var.region
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.eks.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.eks.token
  load_config_file       = false
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.eks.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data)
    token                  = data.aws_eks_cluster_auth.eks.token
    load_config_file       = false
  }
}

# Obtain data from these sources to establish Kubernetes provider attribute values.
# The name attribute must be filled with the desired EKS cluster ID.
# This code assumes an EKS cluster was established using the EKS module by the name "EKS".

data "aws_eks_cluster" "eks" {
  name = module.eks.cluster_id
}

data "aws_eks_cluster_auth" "eks" {
  name = module.eks.cluster_id
}

Installing the Module:

module "ingress" {
  source = "git@github.com/ClusterDaemon/terraform-aws-ingress-nginx.git?ref=v0.3.0"

  #
  # Input attributes
  #
}

Inputs:

Name	Description	Type	Default	Required
name	Ingress controller Helm chart release name. Must be unique among controller deployments.	string	"nginx"	no
ingress_class	Name of the class which ingress objects will use to route traffic within Kubernetes. Each controller deployment in the same cluster must use a unique class.	string	"nginx"	no
namespace	Ingress controller Helm chart namespace. This affects what namespace the chart is managed in, and consequently where its Kubernetes objects are created. If the namespace_scope variable is set to true, this also affects what namespace the ingress controller watches for events.	string	"default"	no
namespace_scope	Whether to restrict the scope of the ingress controller to a single namespace (defined via the namespace variable). By default, the controller will watch all namespaces for ingress events.	bool	false	no
min_replicas	Ingress controller autoscaling minimum replica count. A reasonable value is typically one replica per fault domain.	number	1	no
max_replicas	Ingress controller autoscaling maximum replica count. Must be greater than or equal to min_replicas.	number	1	no
nlb_cert_arn	Amazon resource name of a TLS/SSL certificate, as managed by AWS Certificate Manager.	string	nil	yes
dependency_string	String input from a resource attribute or module output that forms a dependency on that resource completing before this ingress controller is deployed. The most common usage of this variable is to form an arbitrary dependency on a Kubernetes object, or a Kubernetes cluster.	string	""	no
create_resources	Controls whether any resource in-module is created.	bool	yes	no

Outputs:

Name	Description	Type
nlb_arn	Amazon resource name of the NLB object that is created by Kubernetes when the ingress controller is deployed.	string
nlb_fqdn	Fully qualified domain name of th eingress controller NLB.	string
nlb_zone_id	Route53 zone ID the ingress controller NLB FQDN is registered in.	string
nlb_name	Pretty name in AWS of the ingress controller NLB.	string

Contributing

Report issues/questions/feature requests on in the issues section.

Full contributing guidelines are covered here.

Change Log

The changelog captures all important release notes.

Authors

Created and maintained by David Hay - david.hay@nebulate.tech