This is a Terraform module which provides AWS ALB and Route53 for publishing services via nginx-ingress on kops.
It provides the following stack:
HTTPS requests are transfered to a pod via the external ALB and the node port of nginx-ingress (e.g. tcp/30080).
This is an open source software licensed under Apache License 2.0. Feel free to bring up issues and pull requests.
Bootstrap a Kubernetes cluster:
export AWS_DEFAULT_REGION="us-west-2"
export KOPS_CLUSTER_NAME="hello.k8s.local"
kubernetes_ingress_domain="hello.example.com"
state_store_bucket_name="state.hello.k8s.local"
# Create a public hosted zone for the domain
aws route53 create-hosted-zone --name "$kubernetes_ingress_domain" --caller-reference "$(date)"
# Request a certificate for the wildcard domain
aws acm request-certificate --domain-name "*.$kubernetes_ingress_domain" --validation-method DNS
# Create a bucket for the state store of kops and Terraform
aws s3api create-bucket \
--bucket "$state_store_bucket_name" \
--region "$AWS_DEFAULT_REGION" \
--create-bucket-configuration "LocationConstraint=$AWS_DEFAULT_REGION"
aws s3api put-bucket-versioning \
--bucket "$state_store_bucket_name" \
--versioning-configuration "Status=Enabled"
# Create a cluster
kops create cluster --name "$KOPS_CLUSTER_NAME" --zones "${AWS_DEFAULT_REGION}a"
kops update cluster --yes
Load the module:
module "kops_alb" {
source = "int128/kops-alb/aws"
kops_cluster_name = "hello.k8s.local"
kubernetes_ingress_domain = "hello.example.com"
}
Run Terraform and then install nginx-ingress:
# Create AWS resources
terraform init
terraform apply
# Install Helm
kubectl create -f helm-service-account.yaml
helm init --service-account tiller --history-max 100
# Install nginx-ingress
helmfile sync
See examples for more.
This module assumes the following resources exist:
- Route53 hosted zone of the domain
kubernetes_ingress_domain
- ACM certificate of the wildcard domain
*.kubernetes_ingress_domain
- VPC for the cluster
kops_cluster_name
- Subnets for the cluster
kops_cluster_name
- Auto scaling group for the nodes of the cluster
kops_cluster_name
- Security group for the masters of the cluster
kops_cluster_name
- Security group for the nodes of the cluster
kops_cluster_name
Name | Description | Type | Default | Required |
---|---|---|---|---|
alb_external_allow_ip | List of IP addresses to allow to the external ALB | list | <list> |
no |
alb_internal_enabled | Enable the internal ALB (needed if the external ALB is not public) | string | "false" |
no |
kops_cluster_name | Kubernetes cluster name | string | n/a | yes |
kops_ig_nodes_names | List of name of instance-group nodes managed by kops | list | <list> |
no |
kubernetes_ingress_domain | Domain name for the external/internal ALB | string | n/a | yes |
kubernetes_ingress_port | Node port of the ingress controller | string | "30080" |
no |
Name | Description |
---|---|
kops_cluster_name | Kubernetes cluster name |
kops_subnet_ids | IDs of subnets managed by kops |
kops_vpc_id | ID of VPC managed by kops |
sgid_allow_from_nodes | ID of security group which is allowed from Kubernetes nodes |