From 59c9e5a50e9f16d77394137cee24d2373fcafc61 Mon Sep 17 00:00:00 2001 From: Vijay Veeranki Date: Wed, 7 Sep 2022 16:45:55 +0100 Subject: [PATCH 1/5] Add dependence cert-manger --- main.tf | 4 +++- variables.tf | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index ea4f50a..39c9ce3 100644 --- a/main.tf +++ b/main.tf @@ -63,7 +63,8 @@ resource "helm_release" "nginx_ingress" { depends_on = [ kubernetes_namespace.ingress_controllers, - kubernetes_config_map.modsecurity_nginx_config + kubernetes_config_map.modsecurity_nginx_config, + var.dependence_certmanager ] lifecycle { @@ -94,6 +95,7 @@ resource "kubectl_manifest" "nginx_ingress_default_certificate" { depends_on = [ kubernetes_namespace.ingress_controllers, + var.dependence_certmanager ] } diff --git a/variables.tf b/variables.tf index b1070b3..30940d2 100644 --- a/variables.tf +++ b/variables.tf @@ -67,3 +67,7 @@ variable "enable_external_dns_annotation" { type = bool default = false } + +variable "dependence_certmanager" { + description = "cert-manager module dependences in order to be executed." +} \ No newline at end of file From 2a0b90ad1d12a0617c2bd2533d6beb4f09fde831 Mon Sep 17 00:00:00 2001 From: Vijay Veeranki Date: Mon, 3 Oct 2022 16:16:17 +0100 Subject: [PATCH 2/5] Update ingress controller module This is to remove references of nginx class used for old IC --- main.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/main.tf b/main.tf index 39c9ce3..30a4208 100644 --- a/main.tf +++ b/main.tf @@ -11,7 +11,7 @@ locals { ############# resource "kubernetes_namespace" "ingress_controllers" { - count = var.controller_name == "nginx" ? 1 : 0 + count = var.controller_name == "default" ? 1 : 0 metadata { name = "ingress-controllers" 
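Review bot: The new `var.dependence_certmanager` entry in the `depends_on` of `helm_release.nginx_ingress` has no comment saying what the release needs from cert-manager, and the next hunk adds the same entry to `kubectl_manifest.nginx_ingress_default_certificate`, also unexplained. From these lines a reader cannot tell whether the ordering matters for the chart itself or only for the certificate manifest, which presumably needs the cert-manager CRDs to exist before it is applied. I would add a line above each entry, for example `# cert-manager must be applied first: the default Certificate below is a cert-manager resource`, adjusted to the real reason. Both resource bodies start and end outside their hunks.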
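Review bot: `variable "dependence_certmanager"` in the variables.tf hunk has neither `type` nor `default`, so it becomes a required input and every existing caller fails to plan until it passes something. The two example/ingress.tf hunks in PATCH 5/5 show the result: they pass the literal `"ignore"`, which satisfies the variable but creates no ordering at all. Adding `type = any` and `default = null` would keep the input optional for callers that have no cert-manager module to wait for. The description would read more clearly as `description = "Output(s) of the cert-manager module that must be applied before this module's resources."`. The file also now ends without a trailing newline.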
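Review bot: With the guard changed to `var.controller_name == "default"`, a caller that still passes `"nginx"` gets `count = 0` on `kubernetes_namespace.ingress_controllers`, so the next apply would plan to destroy the `ingress-controllers` namespace. The same literal gates `default` in the `@@ -50,12` hunk and the default certificate in the `@@ -90,7` hunk, and neither the diff nor the commit message shows a migration step or a check that rejects the old value. I would compute the flag once, `locals { is_default = var.controller_name == "default" }`, use `count = local.is_default ? 1 : 0` in both counted resources, and document the rename for existing users. Instances with any other name still receive `default_cert` while relying on the default instance to have created the namespace and secret, which deserves a comment next to the `count` line. The resource body continues outside the hunk.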
@@ -50,12 +50,12 @@ resource "helm_release" "nginx_ingress" { replica_count = var.replica_count default_cert = var.default_cert controller_name = var.controller_name - controller_value = var.controller_name == "nginx" ? "k8s.io/ingress-nginx" : "k8s.io/ingress-${var.controller_name}" + controller_value = "k8s.io/ingress-${var.controller_name}" enable_modsec = var.enable_modsec enable_latest_tls = var.enable_latest_tls enable_owasp = var.enable_owasp - default = var.controller_name == "nginx" ? true : false - name_override = var.controller_name == "nginx" ? "ingress-nginx" : "ingress-${var.controller_name}" + default = var.controller_name == "default" ? true : false + name_override = "ingress-${var.controller_name}" enable_external_dns_annotation = var.enable_external_dns_annotation backend_repo = var.backend_repo backend_tag = var.backend_tag @@ -90,7 +90,7 @@ data "template_file" "nginx_ingress_default_certificate" { } resource "kubectl_manifest" "nginx_ingress_default_certificate" { - count = var.controller_name == "nginx" ? 1 : 0 + count = var.controller_name == "default" ? 1 : 0 yaml_body = data.template_file.nginx_ingress_default_certificate.rendered depends_on = [ From 9c8926698780d1e884eb0222e82c2ed84e0815b3 Mon Sep 17 00:00:00 2001 From: Vijay Veeranki Date: Mon, 21 Nov 2022 14:44:08 +0000 Subject: [PATCH 3/5] Fix annotation --- templates/values.yaml.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl index 8333e9d..834268a 100644 --- a/templates/values.yaml.tpl +++ b/templates/values.yaml.tpl @@ -153,6 +153,7 @@ controller: %{ if enable_external_dns_annotation } external-dns.alpha.kubernetes.io/hostname: "${external_dns_annotation}" %{~ endif ~} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" externalTrafficPolicy: "Local" From 9d33301e4f07bcadf58b0570c59a307467df0ab1 Mon Sep 17 00:00:00 2001 
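Review bot: `controller_value` and `name_override` now interpolate `var.controller_name` unconditionally, so the caller's string goes straight into what is presumably the ingress class controller value and the chart name override, and nothing in this hunk constrains it. If variables.tf does not already do so, a `validation` block on `controller_name` with `condition = can(regex("^[a-z0-9-]+$", var.controller_name))` would reject names that render an invalid or unexpected class. On style, `default = var.controller_name == "default" ? true : false` can be written as `default = var.controller_name == "default"`. The enclosing block starts and ends outside the hunk.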
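Review bot: The added `service.beta.kubernetes.io/aws-load-balancer-type: "nlb"` applies unconditionally to every instance of the module, and neither the hunk nor the "Fix annotation" message says what it means for client-address handling and exposure. With an NLB in front and `externalTrafficPolicy: "Local"`, the client source address normally reaches the controller directly. Any proxy-protocol or forwarded-header settings elsewhere in this template (not visible here) must therefore agree, otherwise IP allow-lists and ModSecurity logs would record the wrong address. The load balancer type of an already provisioned Service is generally not switched in place, so existing clusters may need the Service recreated and the change should be rolled out deliberately. I would add a comment above the line such as `# NLB: client IP is preserved; keep proxy-protocol/real-ip settings consistent and restrict sources where required`, and consider making the type a template variable.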
From: "github-actions[bot]" Date: Mon, 21 Nov 2022 16:02:26 +0000 Subject: [PATCH 4/5] terraform-docs: automated action --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fb11133..8976727 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ No modules. | [cluster\_domain\_name](#input\_cluster\_domain\_name) | The cluster domain used for externalDNS annotations and certmanager | `any` | n/a | yes | | [controller\_name](#input\_controller\_name) | Will be used as the ingress controller name and the class annotation | `string` | n/a | yes | | [default\_cert](#input\_default\_cert) | Useful if you want to use a default certificate for your ingress controller. Format: namespace/secretName | `string` | `"ingress-controllers/default-certificate"` | no | +| [dependence\_certmanager](#input\_dependence\_certmanager) | cert-manager module dependences in order to be executed. | `any` | n/a | yes | | [enable\_external\_dns\_annotation](#input\_enable\_external\_dns\_annotation) | Add external dns annotation for service | `bool` | `false` | no | | [enable\_latest\_tls](#input\_enable\_latest\_tls) | Provide support to tlsv1.3 along with tlsv1.2 | `bool` | `false` | no | | [enable\_modsec](#input\_enable\_modsec) | Enable https://github.com/SpiderLabs/ModSecurity-nginx | `bool` | `false` | no | From 53dcc52caa48cb7ff97af8a3e2795bdec4962dbc Mon Sep 17 00:00:00 2001 From: Poornima Krishnasamy Date: Mon, 21 Nov 2022 16:08:03 +0000 Subject: [PATCH 5/5] Add certmanager dependence argument --- example/ingress.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/example/ingress.tf b/example/ingress.tf index eb829f6..2729c18 100644 --- a/example/ingress.tf +++ b/example/ingress.tf @@ -6,6 +6,7 @@ module "ingress_controllers" { cluster_domain_name = "dummy" is_live_cluster = false live1_cert_dns_name = "dummy" + dependence_certmanager = "ignore" } 
@@ -19,6 +20,7 @@ module "modsec_ingress_controllers" { live1_cert_dns_name = "dummy" enable_modsec = true enable_owasp = true + dependence_certmanager = "ignore" depends_on = [module.ingress_controllers] }