Fix support for the nginx ingress controller.

terraform/modules/cluster/main.tf

@@ -46,12 +46,6 @@ variable "public_ingress" {
 variable "ingress_type" {
   description = "What controller should we use to handle incoming http(s) connections."
   type        = string
-  default     = "gateway"
-
-  validation {
-    condition     = contains(["gateway"], var.ingress_type)
-    error_message = "Currently only \"gateway\" is supported."
-  }
 }
 
 variable "main_k8s_namespace" {

terraform/modules/k8s_workload/ingress_nginx.tf

@@ -8,8 +8,9 @@
 #   controller: k8s.io/ingress-nginx
 
 module "nginx_ingress_controller" {
-  count  = var.ingress_type == "nginx" ? 1 : 0
-  source = "../nginx_ingress_controller"
+  count          = var.ingress_type == "nginx" ? 1 : 0
+  source         = "../nginx_ingress_controller"
+  public_ingress = var.public_ingress
 }
 
 resource "kubernetes_ingress_v1" "ingress_nginx" {
@@ -18,7 +19,7 @@ resource "kubernetes_ingress_v1" "ingress_nginx" {
   metadata {
     name = "${var.cluster.name}-${each.value.metadata[0].name}"
     annotations = {
-      "kubernetes.io/ingress.class" = var.public_ingress ? "gce" : "gce-internal"
+      "kubernetes.io/ingress.class" = "nginx"
     }
   }
 
@@ -41,5 +42,5 @@ resource "kubernetes_ingress_v1" "ingress_nginx" {
     }
   }
 
-  depends_on = [time_sleep.wait_service_cleanup]
+  depends_on = [time_sleep.wait_service_cleanup, module.nginx_ingress_controller]
 }

terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf

@@ -514,7 +514,6 @@ resource "kubernetes_manifest" "clusterrolebinding_ingress_nginx_admission" {
 resource "kubernetes_manifest" "configmap_ingress_nginx_ingress_nginx_controller" {
   manifest = {
     "apiVersion" = "v1"
-    "data"       = null
     "kind"       = "ConfigMap"
     "metadata" = {
       "labels" = {
@@ -535,6 +534,9 @@ resource "kubernetes_manifest" "service_ingress_nginx_ingress_nginx_controller"
     "apiVersion" = "v1"
     "kind"       = "Service"
     "metadata" = {
+      "annotations" = {
+        "networking.gke.io/load-balancer-type" = var.public_ingress ? "External" : "Internal"
+      }
       "labels" = {
         "app.kubernetes.io/component" = "controller"
         "app.kubernetes.io/instance"  = "ingress-nginx"
@@ -612,6 +614,7 @@ resource "kubernetes_manifest" "service_ingress_nginx_ingress_nginx_controller_a
 }
 
 resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controller" {
+  computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"]
   manifest = {
     "apiVersion" = "apps/v1"
     "kind"       = "Deployment"
@@ -627,7 +630,6 @@ resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controlle
       "namespace" = kubernetes_manifest.namespace_ingress_nginx.manifest.metadata.name
     }
     "spec" = {
-      "minReadySeconds"      = 0
       "revisionHistoryLimit" = 10
       "selector" = {
         "matchLabels" = {
@@ -795,6 +797,7 @@ resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controlle
 }
 
 resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_create" {
+  computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"]
   manifest = {
     "apiVersion" = "batch/v1"
     "kind"       = "Job"
@@ -872,6 +875,7 @@ resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_create
 }
 
 resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_patch" {
+  computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"]
   manifest = {
     "apiVersion" = "batch/v1"
     "kind"       = "Job"

terraform/modules/nginx_ingress_controller/main.tf

@@ -7,6 +7,11 @@ terraform {
   }
 }
 
+variable "public_ingress" {
+  description = "Set to true to make the kubernetes ingresses exposed to the public internet."
+  type        = bool
+}
+
 data "google_client_config" "default" {}
 
 resource "kubernetes_cluster_role_binding" "cluster_admin_binding" {