feat: create nginx resources in terraform (#264)

Signed-off-by: ankitm123 <[email protected]>
jenkins-x · May 26, 2021 · 0bea394 · 0bea394
1 parent fcd5b69
commit 0bea394
Show file tree

Hide file tree

Showing 9 changed files with 174 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -17,6 +17,7 @@ The module makes use of the [Terraform EKS cluster Module](https://github.com/te
     - [Cluster Autoscaling](#cluster-autoscaling)
     - [Long Term Storage](#long-term-storage)
     - [Vault](#vault)
+    - [Nginx](#nginx)
     - [ExternalDNS](#externaldns)
     - [cert-manager](#cert-manager)
     - [Velero Backups](#velero-backups)
@@ -166,6 +167,8 @@ The following sections provide a full list of configuration in- and output varia
 | create\_ctrlb\_role | Flag to control controller build iam role creation | `bool` | `true` | no |
 | create\_eks | Controls if EKS cluster and associated resources should be created or not. If you have an existing eks cluster for jx, set it to false | `bool` | `true` | no |
 | create\_exdns\_role | Flag to control external dns iam role creation | `bool` | `true` | no |
+| create\_nginx | Decides whether we want to create nginx resources using terraform or not | `bool` | `false` | no |
+| create\_nginx\_namespace | Boolean to control nginx namespace creation | `bool` | `true` | no |
 | create\_pipeline\_vis\_role | Flag to control pipeline visualizer role | `bool` | `true` | no |
 | create\_tekton\_role | Flag to control tekton iam role creation | `bool` | `true` | no |
 | create\_velero\_role | Flag to control velero iam role creation | `bool` | `true` | no |
@@ -203,6 +206,10 @@ The following sections provide a full list of configuration in- and output varia
 | map\_users | Additional IAM users to add to the aws-auth configmap. | <pre>list(object({<br>    userarn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
 | max\_node\_count | The maximum number of worker nodes to use for the cluster | `number` | `5` | no |
 | min\_node\_count | The minimum number of worker nodes to use for the cluster | `number` | `3` | no |
+| nginx\_chart\_version | nginx chart version | `string` | n/a | yes |
+| nginx\_namespace | Name of the nginx namespace | `string` | `"nginx"` | no |
+| nginx\_release\_name | Name of the nginx release name | `string` | `"nginx-ingress"` | no |
+| nginx\_values\_file | Name of the values file which holds the helm chart values | `string` | `"values.yaml"` | no |
 | node\_group\_ami | ami type for the node group worker intances | `string` | `"AL2_x86_64"` | no |
 | node\_group\_disk\_size | node group worker disk size | `string` | `"50"` | no |
 | node\_groups\_managed | List of managed node groups to be created and their respective settings | <pre>map(object({<br>    ami_type                = string<br>    disk_size               = number<br>    desired_capacity        = number<br>    max_capacity            = number<br>    min_capacity            = number<br>    instance_types          = list(string)<br>    launch_template_id      = string<br>    launch_template_version = string<br>    k8s_labels              = map(string)<br>  }))</pre> | `{}` | no |
@@ -349,6 +356,10 @@ To use other secret backends such as AWS Secrets Manager, set `use_vault` variab
 
 :warning: **Note**: AWS Secrets Manager is not supported yet, but will be functional soon. The `use_asm` just sets the `secretStorage` to `asm` instead of vault for now.
 
+### NGINX
+The module can install the nginx chart. Example can be found [here](./example/jx3).
+You can specify a nginx_values.yaml file or the module will use the default one stored [here](./modules/nginx/nginx_values.yaml).
+
 ### ExternalDNS
 
 You can enable [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) with the `enable_external_dns` variable. This modifies the generated _jx-requirements.yml_ file to enable External DNS when running `jx boot`.

diff --git a/examples/jx3/main.tf b/examples/jx3/main.tf
@@ -1,6 +1,15 @@
+provider "aws" {
+  region  = var.region
+  profile = var.profile
+}
+
+
 module "eks-jx" {
   source               = "../../"
   vault_user           = var.vault_user
   is_jx2               = false
   install_kuberhealthy = true
+  create_nginx         = true
+  cluster_version      = "1.20"
+  nginx_chart_version  = "3.12.0"
 }
diff --git a/examples/jx3/nginx_values.yaml b/examples/jx3/nginx_values.yaml
@@ -0,0 +1,23 @@
+fullnameOverride: ingress-nginx
+
+controller:
+  replicaCount: 3
+  extraArgs:
+    publish-service: nginx/ingress-nginx-controller
+  service:
+    enabled: true
+    type: LoadBalancer
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    labels: {}
+  metrics:
+    enabled: true
+    port: 10254
+    service:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "10254"
+rbac:
+  create: true
diff --git a/examples/jx3/variables.tf b/examples/jx3/variables.tf
@@ -2,3 +2,13 @@ variable "vault_user" {
   type    = string
   default = ""
 }
+
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
+variable "profile" {
+  type    = string
+  default = "default"
+}
diff --git a/main.tf b/main.tf
@@ -138,3 +138,15 @@ module "health" {
   is_jx2               = var.is_jx2
   install_kuberhealthy = var.install_kuberhealthy
 }
+
+module "nginx" {
+  source                 = "./modules/nginx"
+  is_jx2                 = var.is_jx2
+  create_nginx           = var.create_nginx
+  nginx_release_name     = var.nginx_release_name
+  nginx_namespace        = var.nginx_namespace
+  nginx_chart_version    = var.nginx_chart_version
+  create_nginx_namespace = var.create_nginx_namespace
+  nginx_values_file            = var.nginx_values_file
+
+}
diff --git a/modules/nginx/main.tf b/modules/nginx/main.tf
@@ -0,0 +1,12 @@
+resource "helm_release" "nginx-ingress" {
+  count            = var.create_nginx && !var.is_jx2 ? 1 : 0
+  name             = var.nginx_release_name
+  chart            = "ingress-nginx"
+  namespace        = var.nginx_namespace
+  repository       = "https://kubernetes.github.io/ingress-nginx"
+  version          = var.nginx_chart_version
+  create_namespace = var.create_nginx_namespace
+  values = [
+    fileexists("${path.cwd}/${var.nginx_values_file}") ? "${file("${path.cwd}/${var.nginx_values_file}")}" : "${file("${path.module}/${var.nginx_values_file}")}"
+  ]
+}
diff --git a/modules/nginx/nginx_values.yaml b/modules/nginx/nginx_values.yaml
@@ -0,0 +1,23 @@
+fullnameOverride: ingress-nginx
+
+controller:
+  replicaCount: 3
+  extraArgs:
+    publish-service: nginx/ingress-nginx-controller
+  service:
+    enabled: true
+    type: LoadBalancer
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    labels: {}
+  metrics:
+    enabled: true
+    port: 10254
+    service:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "10254"
+rbac:
+  create: true
diff --git a/modules/nginx/variables.tf b/modules/nginx/variables.tf
@@ -0,0 +1,39 @@
+variable "is_jx2" {
+  default = true
+  type    = bool
+}
+
+variable "create_nginx" {
+  default     = false
+  type        = bool
+  description = "Decides whether we want to create nginx resources using terraform or not"
+}
+
+variable "nginx_release_name" {
+  default     = "nginx-ingress"
+  type        = string
+  description = "Name of the nginx release name"
+}
+
+variable "nginx_namespace" {
+  default     = "nginx"
+  type        = string
+  description = "Name of the nginx namespace"
+}
+
+variable "nginx_chart_version" {
+  type        = string
+  description = "nginx chart version"
+}
+
+variable "create_nginx_namespace" {
+  default     = true
+  type        = bool
+  description = "Boolean to control nginx namespace creation"
+}
+
+variable "nginx_values_file" {
+  default     = "nginx_values.yaml"
+  type        = string
+  description = "Name of the values file which holds the helm chart values"
+}
diff --git a/variables.tf b/variables.tf
@@ -538,3 +538,38 @@ variable "additional_tekton_role_policy_arns" {
   type        = list(string)
   default     = []
 }
+
+variable "create_nginx" {
+  default     = false
+  type        = bool
+  description = "Decides whether we want to create nginx resources using terraform or not"
+}
+
+variable "nginx_release_name" {
+  default     = "nginx-ingress"
+  type        = string
+  description = "Name of the nginx release name"
+}
+
+variable "nginx_namespace" {
+  default     = "nginx"
+  type        = string
+  description = "Name of the nginx namespace"
+}
+
+variable "nginx_chart_version" {
+  type        = string
+  description = "nginx chart version"
+}
+
+variable "create_nginx_namespace" {
+  default     = true
+  type        = bool
+  description = "Boolean to control nginx namespace creation"
+}
+
+variable "nginx_values_file" {
+  default     = "nginx_values.yaml"
+  type        = string
+  description = "Name of the values file which holds the helm chart values"
+}