Merge pull request #51 from ministryofjustice/remove-old-ic

Update module to remove old ingress controller
ministryofjustice · Nov 21, 2022 · 2c5474f · 2c5474f
2 parents 1d37c11 + 53dcc52
commit 2c5474f
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -48,6 +48,7 @@ No modules.
 | <a name="input_cluster_domain_name"></a> [cluster\_domain\_name](#input\_cluster\_domain\_name) | The cluster domain used for externalDNS annotations and certmanager | `any` | n/a | yes |
 | <a name="input_controller_name"></a> [controller\_name](#input\_controller\_name) | Will be used as the ingress controller name and the class annotation | `string` | n/a | yes |
 | <a name="input_default_cert"></a> [default\_cert](#input\_default\_cert) | Useful if you want to use a default certificate for your ingress controller. Format: namespace/secretName | `string` | `"ingress-controllers/default-certificate"` | no |
+| <a name="input_dependence_certmanager"></a> [dependence\_certmanager](#input\_dependence\_certmanager) | cert-manager module dependences in order to be executed. | `any` | n/a | yes |
 | <a name="input_enable_external_dns_annotation"></a> [enable\_external\_dns\_annotation](#input\_enable\_external\_dns\_annotation) | Add external dns annotation for service | `bool` | `false` | no |
 | <a name="input_enable_latest_tls"></a> [enable\_latest\_tls](#input\_enable\_latest\_tls) | Provide support to tlsv1.3 along with tlsv1.2 | `bool` | `false` | no |
 | <a name="input_enable_modsec"></a> [enable\_modsec](#input\_enable\_modsec) | Enable https://github.com/SpiderLabs/ModSecurity-nginx | `bool` | `false` | no |

diff --git a/example/ingress.tf b/example/ingress.tf
@@ -6,6 +6,7 @@ module "ingress_controllers" {
   cluster_domain_name = "dummy"
   is_live_cluster     = false
   live1_cert_dns_name = "dummy"
+  dependence_certmanager = "ignore"
 
 }
 
@@ -19,6 +20,7 @@ module "modsec_ingress_controllers" {
   live1_cert_dns_name = "dummy"
   enable_modsec       = true
   enable_owasp        = true
+  dependence_certmanager = "ignore"
 
   depends_on = [module.ingress_controllers]
 }
diff --git a/main.tf b/main.tf
@@ -11,7 +11,7 @@ locals {
 #############
 
 resource "kubernetes_namespace" "ingress_controllers" {
-  count = var.controller_name == "nginx" ? 1 : 0
+  count = var.controller_name == "default" ? 1 : 0
   metadata {
     name = "ingress-controllers"
 
@@ -50,20 +50,21 @@ resource "helm_release" "nginx_ingress" {
     replica_count                  = var.replica_count
     default_cert                   = var.default_cert
     controller_name                = var.controller_name
-    controller_value               = var.controller_name == "nginx" ? "k8s.io/ingress-nginx" : "k8s.io/ingress-${var.controller_name}"
+    controller_value               = "k8s.io/ingress-${var.controller_name}"
     enable_modsec                  = var.enable_modsec
     enable_latest_tls              = var.enable_latest_tls
     enable_owasp                   = var.enable_owasp
-    default                        = var.controller_name == "nginx" ? true : false
-    name_override                  = var.controller_name == "nginx" ? "ingress-nginx" : "ingress-${var.controller_name}"
+    default                        = var.controller_name == "default" ? true : false
+    name_override                  = "ingress-${var.controller_name}"
     enable_external_dns_annotation = var.enable_external_dns_annotation
     backend_repo                   = var.backend_repo
     backend_tag                    = var.backend_tag
   })]
 
   depends_on = [
     kubernetes_namespace.ingress_controllers,
-    kubernetes_config_map.modsecurity_nginx_config
+    kubernetes_config_map.modsecurity_nginx_config,
+    var.dependence_certmanager
   ]
 
   lifecycle {
@@ -89,11 +90,12 @@ data "template_file" "nginx_ingress_default_certificate" {
 }
 
 resource "kubectl_manifest" "nginx_ingress_default_certificate" {
-  count     = var.controller_name == "nginx" ? 1 : 0
+  count     = var.controller_name == "default" ? 1 : 0
   yaml_body = data.template_file.nginx_ingress_default_certificate.rendered
 
   depends_on = [
     kubernetes_namespace.ingress_controllers,
+    var.dependence_certmanager
   ]
 }
 

diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
@@ -154,6 +154,7 @@ controller:
 %{ if enable_external_dns_annotation }
       external-dns.alpha.kubernetes.io/hostname: "${external_dns_annotation}"
 %{~ endif ~}
+
       service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
       service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
     externalTrafficPolicy: "Local"

diff --git a/variables.tf b/variables.tf
@@ -67,3 +67,7 @@ variable "enable_external_dns_annotation" {
   type        = bool
   default     = false
 }
+
+variable "dependence_certmanager" {
+  description = "cert-manager module dependences in order to be executed."
+}