diff --git a/README.md b/README.md index f58b85c..b0738a5 100644 --- a/README.md +++ b/README.md @@ -304,6 +304,8 @@ Question and Answer [GKE assigns a separate IP address to each `Ingress`](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#limitations), but we can have a single `Gateway` with an IP address and then any quantity of `HTTPRoute`. This is a design choice for GKE, and not a limitation of kubernetes. +If you need to use `Ingress`, we can achieve the same efficiency for IP addresses by using the nginx ingress controller. This can be enabled by passing `-var ingress_type=nginx`. + Clean Up ======== Just like we did a 2-stage apply by toggling the `cluster_exists` variable, we will need to do a 2-stage destroy. First we tear down any kubernetes resources by running *apply* with the `cluster_exists` variable set to `false`. Then we can destroy the entire project. diff --git a/terraform/main.tf b/terraform/main.tf index 323c8cd..2e63407 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -48,6 +48,11 @@ variable "ingress_type" { description = "What controller should we use to handle incoming http(s) connections." type = string default = "gateway" + + validation { + condition = contains(["gateway", "nginx"], var.ingress_type) + error_message = "Must be either \"gateway\" or \"nginx\"." + } } variable "cluster_exists" { diff --git a/terraform/modules/cluster/main.tf b/terraform/modules/cluster/main.tf index 377d1b4..0e2b14e 100644 --- a/terraform/modules/cluster/main.tf +++ b/terraform/modules/cluster/main.tf @@ -46,12 +46,6 @@ variable "public_ingress" { variable "ingress_type" { description = "What controller should we use to handle incoming http(s) connections." type = string - default = "gateway" - - validation { - condition = contains(["gateway"], var.ingress_type) - error_message = "Currently only \"gateway\" is supported." - } } variable "main_k8s_namespace" { 
diff --git a/terraform/modules/k8s_workload/ingress_nginx.tf b/terraform/modules/k8s_workload/ingress_nginx.tf index 984615a..57426f9 100644 --- a/terraform/modules/k8s_workload/ingress_nginx.tf +++ b/terraform/modules/k8s_workload/ingress_nginx.tf @@ -8,8 +8,9 @@ # controller: k8s.io/ingress-nginx module "nginx_ingress_controller" { - count = var.ingress_type == "nginx" ? 1 : 0 - source = "../nginx_ingress_controller" + count = var.ingress_type == "nginx" ? 1 : 0 + source = "../nginx_ingress_controller" + public_ingress = var.public_ingress } resource "kubernetes_ingress_v1" "ingress_nginx" { @@ -18,7 +19,7 @@ resource "kubernetes_ingress_v1" "ingress_nginx" { metadata { name = "${var.cluster.name}-${each.value.metadata[0].name}" annotations = { - "kubernetes.io/ingress.class" = var.public_ingress ? "gce" : "gce-internal" + "kubernetes.io/ingress.class" = "nginx" } } @@ -41,5 +42,5 @@ resource "kubernetes_ingress_v1" "ingress_nginx" { } } - depends_on = [time_sleep.wait_service_cleanup] + depends_on = [time_sleep.wait_service_cleanup, module.nginx_ingress_controller] } diff --git a/terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf b/terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf index 656be3e..6f98b76 100644 --- a/terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf +++ b/terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf @@ -514,7 +514,6 @@ resource "kubernetes_manifest" "clusterrolebinding_ingress_nginx_admission" { resource "kubernetes_manifest" "configmap_ingress_nginx_ingress_nginx_controller" { manifest = { "apiVersion" = "v1" - "data" = null "kind" = "ConfigMap" "metadata" = { "labels" = { 
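Review bot: In the second hunk of `ingress_nginx.tf` the `kubernetes.io/ingress.class` annotation is now hard-coded to `nginx`, so the Ingress no longer reflects `var.public_ingress`. Whether these routes are internet-facing is decided only by the controller Service in the `nginx_ingress_controller` module. A comment above the annotation would make that visible, e.g. `# exposure (public/internal) is set on the ingress-nginx controller Service, not per Ingress`. The annotation is also the deprecated way to select a class; if the vendored manifest defines an IngressClass named `nginx` (the header comment `controller: k8s.io/ingress-nginx` suggests one), `ingress_class_name = "nginx"` in the `spec` block is the current form. The resource body starts and ends outside this hunk.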
@@ -535,6 +534,9 @@ resource "kubernetes_manifest" "service_ingress_nginx_ingress_nginx_controller" "apiVersion" = "v1" "kind" = "Service" "metadata" = { + "annotations" = { + "networking.gke.io/load-balancer-type" = var.public_ingress ? "External" : "Internal" + } "labels" = { "app.kubernetes.io/component" = "controller" "app.kubernetes.io/instance" = "ingress-nginx" @@ -612,6 +614,7 @@ resource "kubernetes_manifest" "service_ingress_nginx_ingress_nginx_controller_a } resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controller" { + computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"] manifest = { "apiVersion" = "apps/v1" "kind" = "Deployment" @@ -627,7 +630,6 @@ resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controlle "namespace" = kubernetes_manifest.namespace_ingress_nginx.manifest.metadata.name } "spec" = { - "minReadySeconds" = 0 "revisionHistoryLimit" = 10 "selector" = { "matchLabels" = { @@ -795,6 +797,7 @@ resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controlle } resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_create" { + computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"] manifest = { "apiVersion" = "batch/v1" "kind" = "Job" @@ -872,6 +875,7 @@ resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_create } resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_patch" { + computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"] manifest = { "apiVersion" = "batch/v1" "kind" = "Job" diff --git a/terraform/modules/nginx_ingress_controller/main.tf b/terraform/modules/nginx_ingress_controller/main.tf index ef57cc4..8b54861 100644 --- a/terraform/modules/nginx_ingress_controller/main.tf +++ b/terraform/modules/nginx_ingress_controller/main.tf 
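Review bot: The `networking.gke.io/load-balancer-type` annotation added to the controller Service is the only thing keeping the controller off a public address when `public_ingress` is false. A LoadBalancer Service on GKE is external by default, so a value GKE does not recognise fails open. As far as I know only `Internal` is a documented value and `External` presumably just falls through to the default, so one option is to set the annotation only in the private case: `"annotations" = { for k, v in { "networking.gke.io/load-balancer-type" = "Internal" } : k => v if !var.public_ingress }`. Since this is where the vendored v1.12.0 controller becomes reachable, it is also worth checking that release against the ingress-nginx security advisories before enabling the public path. The Service manifest continues outside the hunk.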
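Review bot: The `computed_fields` line added to the controller Deployment, and repeated in the `admission_create` and `admission_patch` Job hunks, has no comment explaining why `spec.template.metadata.labels` is listed. As I understand the provider, a computed field takes whatever the API server returns, so an out-of-band change to the pod-template labels would not surface as drift in `terraform plan`. Those labels are what Service selectors and any NetworkPolicy match on. If the entry exists only for labels the Job controller adds, I would drop it from the Deployment and document it on the Jobs, e.g. `# Job controller injects labels into the pod template; computed to avoid inconsistent-result errors` (presumed reason, please confirm). Each resource body continues outside its hunk.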
@@ -7,6 +7,11 @@ terraform { } } +variable "public_ingress" { + description = "Set to true to make the kubernetes ingresses exposed to the public internet." + type = bool +} + data "google_client_config" "default" {} resource "kubernetes_cluster_role_binding" "cluster_admin_binding" {
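Review bot: The `description` on the new `public_ingress` variable talks about "the kubernetes ingresses", but in this module the value selects the load-balancer type of the single ingress-nginx controller Service. That makes it one switch for every Ingress the controller serves, which a caller should be able to read from the variable itself. I would reword it along the lines of `description = "True puts the ingress-nginx controller Service on an external load balancer, false requests an internal one; applies to every Ingress served by this controller."`. Leaving the variable without a default is a good choice, since the caller has to state the exposure explicitly.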