Fix support for the nginx ingress controller.

2025-03-22 16:11:04 -04:00 · 2025-03-22 16:11:04 -04:00 · 91dd7095da
commit 91dd7095da
parent 8a0f78032c
6 changed files with 23 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -304,6 +304,8 @@ Question and Answer

 [GKE assigns a separate IP address to each `Ingress`](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#limitations), but we can have a single `Gateway` with an IP address and then any quantity of `HTTPRoute`. This is a design choice for GKE, and not a limitation of kubernetes.

+If you need to use `Ingress`, we can achieve the same efficiency for IP addresses by using the nginx ingress controller. This can be enabled by passing `-var ingress_type=nginx`.
+
 Clean Up
 ========
 Just like we did a 2-stage apply by toggling the `cluster_exists` variable, we will need to do a 2-stage destroy. First we tear down any kubernetes resources by running *apply* with the `cluster_exists` variable set to `false`. Then we can destroy the entire project.
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -48,6 +48,11 @@ variable "ingress_type" {
  description = "What controller should we use to handle incoming http(s) connections."
  type        = string
  default     = "gateway"
+
+  validation {
+    condition     = contains(["gateway", "nginx"], var.ingress_type)
+    error_message = "Must be either \"gateway\" or \"nginx\"."
+  }
 }

 variable "cluster_exists" {
--- a/terraform/modules/cluster/main.tf
+++ b/terraform/modules/cluster/main.tf
@ -46,12 +46,6 @@ variable "public_ingress" {
 variable "ingress_type" {
  description = "What controller should we use to handle incoming http(s) connections."
  type        = string
-  default     = "gateway"
-
-  validation {
-    condition     = contains(["gateway"], var.ingress_type)
-    error_message = "Currently only \"gateway\" is supported."
-  }
 }

 variable "main_k8s_namespace" {
--- a/terraform/modules/k8s_workload/ingress_nginx.tf
+++ b/terraform/modules/k8s_workload/ingress_nginx.tf
@ -8,8 +8,9 @@
 #   controller: k8s.io/ingress-nginx

 module "nginx_ingress_controller" {
-  count  = var.ingress_type == "nginx" ? 1 : 0
-  source = "../nginx_ingress_controller"
+  count          = var.ingress_type == "nginx" ? 1 : 0
+  source         = "../nginx_ingress_controller"
+  public_ingress = var.public_ingress
 }

 resource "kubernetes_ingress_v1" "ingress_nginx" {
@ -18,7 +19,7 @@ resource "kubernetes_ingress_v1" "ingress_nginx" {
  metadata {
    name = "${var.cluster.name}-${each.value.metadata[0].name}"
    annotations = {
-      "kubernetes.io/ingress.class" = var.public_ingress ? "gce" : "gce-internal"
+      "kubernetes.io/ingress.class" = "nginx"
    }
  }

@ -41,5 +42,5 @@ resource "kubernetes_ingress_v1" "ingress_nginx" {
    }
  }

-  depends_on = [time_sleep.wait_service_cleanup]
+  depends_on = [time_sleep.wait_service_cleanup, module.nginx_ingress_controller]
 }
--- a/terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf
+++ b/terraform/modules/nginx_ingress_controller/ingress-nginx-controller-v1.12.0.tf
@ -514,7 +514,6 @@ resource "kubernetes_manifest" "clusterrolebinding_ingress_nginx_admission" {
 resource "kubernetes_manifest" "configmap_ingress_nginx_ingress_nginx_controller" {
  manifest = {
    "apiVersion" = "v1"
-    "data"       = null
    "kind"       = "ConfigMap"
    "metadata" = {
      "labels" = {
@ -535,6 +534,9 @@ resource "kubernetes_manifest" "service_ingress_nginx_ingress_nginx_controller"
    "apiVersion" = "v1"
    "kind"       = "Service"
    "metadata" = {
+      "annotations" = {
+        "networking.gke.io/load-balancer-type" = var.public_ingress ? "External" : "Internal"
+      }
      "labels" = {
        "app.kubernetes.io/component" = "controller"
        "app.kubernetes.io/instance"  = "ingress-nginx"
@ -612,6 +614,7 @@ resource "kubernetes_manifest" "service_ingress_nginx_ingress_nginx_controller_a
 }

 resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controller" {
+  computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"]
  manifest = {
    "apiVersion" = "apps/v1"
    "kind"       = "Deployment"
@ -627,7 +630,6 @@ resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controlle
      "namespace" = kubernetes_manifest.namespace_ingress_nginx.manifest.metadata.name
    }
    "spec" = {
-      "minReadySeconds"      = 0
      "revisionHistoryLimit" = 10
      "selector" = {
        "matchLabels" = {
@ -795,6 +797,7 @@ resource "kubernetes_manifest" "deployment_ingress_nginx_ingress_nginx_controlle
 }

 resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_create" {
+  computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"]
  manifest = {
    "apiVersion" = "batch/v1"
    "kind"       = "Job"
@ -872,6 +875,7 @@ resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_create
 }

 resource "kubernetes_manifest" "job_ingress_nginx_ingress_nginx_admission_patch" {
+  computed_fields = ["metadata.annotations", "metadata.labels", "spec.template.metadata.labels"]
  manifest = {
    "apiVersion" = "batch/v1"
    "kind"       = "Job"
--- a/terraform/modules/nginx_ingress_controller/main.tf
+++ b/terraform/modules/nginx_ingress_controller/main.tf
@ -7,6 +7,11 @@ terraform {
  }
 }

+variable "public_ingress" {
+  description = "Set to true to make the kubernetes ingresses exposed to the public internet."
+  type        = bool
+}
+
 data "google_client_config" "default" {}

 resource "kubernetes_cluster_role_binding" "cluster_admin_binding" {