Skip to content
This repository has been archived by the owner on Jul 21, 2024. It is now read-only.

Terraform module for ALB, Route53 and nginx-ingress with kops on AWS

License

Notifications You must be signed in to change notification settings

int128/terraform-aws-kops-alb

Repository files navigation

terraform-aws-kops-alb CircleCI

This is a Terraform module which provides AWS ALB and Route53 for publishing services via nginx-ingress on kops.

It provides the following stack:

aws-diagram.png

HTTPS requests are transfered to a pod via the external ALB and the node port of nginx-ingress (e.g. tcp/30080).

This is an open source software licensed under Apache License 2.0. Feel free to bring up issues and pull requests.

Example

Bootstrap a Kubernetes cluster:

export AWS_DEFAULT_REGION="us-west-2"
export KOPS_CLUSTER_NAME="hello.k8s.local"
kubernetes_ingress_domain="hello.example.com"
state_store_bucket_name="state.hello.k8s.local"

# Create a public hosted zone for the domain
aws route53 create-hosted-zone --name "$kubernetes_ingress_domain" --caller-reference "$(date)"

# Request a certificate for the wildcard domain
aws acm request-certificate --domain-name "*.$kubernetes_ingress_domain" --validation-method DNS

# Create a bucket for the state store of kops and Terraform
aws s3api create-bucket \
  --bucket "$state_store_bucket_name" \
  --region "$AWS_DEFAULT_REGION" \
  --create-bucket-configuration "LocationConstraint=$AWS_DEFAULT_REGION"
aws s3api put-bucket-versioning \
  --bucket "$state_store_bucket_name" \
  --versioning-configuration "Status=Enabled"

# Create a cluster
kops create cluster --name "$KOPS_CLUSTER_NAME" --zones "${AWS_DEFAULT_REGION}a"
kops update cluster --yes

Load the module:

module "kops_alb" {
  source                    = "int128/kops-alb/aws"
  kops_cluster_name         = "hello.k8s.local"
  kubernetes_ingress_domain = "hello.example.com"
}

Run Terraform and then install nginx-ingress:

# Create AWS resources
terraform init
terraform apply

# Install Helm
kubectl create -f helm-service-account.yaml
helm init --service-account tiller --history-max 100

# Install nginx-ingress
helmfile sync

See examples for more.

Prerequisite

This module assumes the following resources exist:

  • Route53 hosted zone of the domain kubernetes_ingress_domain
  • ACM certificate of the wildcard domain *.kubernetes_ingress_domain
  • VPC for the cluster kops_cluster_name
  • Subnets for the cluster kops_cluster_name
  • Auto scaling group for the nodes of the cluster kops_cluster_name
  • Security group for the masters of the cluster kops_cluster_name
  • Security group for the nodes of the cluster kops_cluster_name

Inputs

Name Description Type Default Required
alb_external_allow_ip List of IP addresses to allow to the external ALB list <list> no
alb_internal_enabled Enable the internal ALB (needed if the external ALB is not public) string "false" no
kops_cluster_name Kubernetes cluster name string n/a yes
kops_ig_nodes_names List of name of instance-group nodes managed by kops list <list> no
kubernetes_ingress_domain Domain name for the external/internal ALB string n/a yes
kubernetes_ingress_port Node port of the ingress controller string "30080" no

Outputs

Name Description
kops_cluster_name Kubernetes cluster name
kops_subnet_ids IDs of subnets managed by kops
kops_vpc_id ID of VPC managed by kops
sgid_allow_from_nodes ID of security group which is allowed from Kubernetes nodes