Adapt ingress and dns setup to new cluster service modules

Removes in-module kubernetes service type loadbalancer
rzk · Jun 1, 2021 · c78d624 · c78d624
1 parent 1c8e25f
commit c78d624
Show file tree

Hide file tree

Showing 16 changed files with 121 additions and 146 deletions.
diff --git a/aws/_modules/eks/ingress.tf b/aws/_modules/eks/ingress.tf
@@ -1,70 +1,5 @@
-resource "kubernetes_service" "current" {
-  count = var.disable_default_ingress ? 0 : 1
-
-  provider = kubernetes.eks
-
-  metadata {
-    name      = "ingress-kbst-default"
-    namespace = "ingress-kbst-default"
-  }
-
-  spec {
-    type = "LoadBalancer"
-
-    selector = {
-      "kubestack.com/ingress-default" = "true"
-    }
-
-    port {
-      name        = "http"
-      port        = 80
-      target_port = "http"
-    }
-
-    port {
-      name        = "https"
-      port        = 443
-      target_port = "https"
-    }
-  }
-
-  depends_on = [module.cluster_services]
-}
-
 resource "aws_route53_zone" "current" {
   count = var.disable_default_ingress ? 0 : 1
 
   name = "${var.metadata_fqdn}."
 }
-
-data "aws_elb_hosted_zone_id" "current" {
-  count = var.disable_default_ingress ? 0 : 1
-}
-
-resource "aws_route53_record" "host" {
-  count = var.disable_default_ingress ? 0 : 1
-
-  zone_id = aws_route53_zone.current[0].zone_id
-  name    = var.metadata_fqdn
-  type    = "A"
-
-  alias {
-    name                   = kubernetes_service.current[0].status[0].load_balancer[0].ingress[0].hostname
-    zone_id                = data.aws_elb_hosted_zone_id.current[0].id
-    evaluate_target_health = true
-  }
-}
-
-resource "aws_route53_record" "wildcard" {
-  count = var.disable_default_ingress ? 0 : 1
-
-  zone_id = aws_route53_zone.current[0].zone_id
-  name    = "*.${var.metadata_fqdn}"
-  type    = "A"
-
-  alias {
-    name                   = kubernetes_service.current[0].status[0].load_balancer[0].ingress[0].hostname
-    zone_id                = data.aws_elb_hosted_zone_id.current[0].id
-    evaluate_target_health = true
-  }
-}
diff --git a/aws/cluster-local/elb-dns/variables.tf b/aws/cluster-local/elb-dns/variables.tf
@@ -0,0 +1,14 @@
+variable "ingress_service_name" {
+  type        = string
+  description = "Metadata name of the ingress service."
+}
+
+variable "ingress_service_namespace" {
+  type        = string
+  description = "Metadata namespace of the ingress service."
+}
+
+variable "metadata_fqdn" {
+  type        = string
+  description = "Cluster module FQDN."
+}
diff --git a/aws/cluster-local/elb-dns/versions.tf b/aws/cluster-local/elb-dns/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+
+  required_version = ">= 0.13"
+}
diff --git a/aws/cluster/elb-dns/ingress.tf b/aws/cluster/elb-dns/ingress.tf
@@ -0,0 +1,37 @@
+data "kubernetes_service" "current" {
+  metadata {
+    name      = var.ingress_service_name
+    namespace = var.ingress_service_namespace
+  }
+}
+
+data "aws_route53_zone" "current" {
+  name = "${var.metadata_fqdn}."
+}
+
+data "aws_elb_hosted_zone_id" "current" {
+}
+
+resource "aws_route53_record" "host" {
+  zone_id = data.aws_route53_zone.current.zone_id
+  name    = var.metadata_fqdn
+  type    = "A"
+
+  alias {
+    name                   = data.kubernetes_service.current.status[0].load_balancer[0].ingress[0].hostname
+    zone_id                = data.aws_elb_hosted_zone_id.current.id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "wildcard" {
+  zone_id = data.aws_route53_zone.current.zone_id
+  name    = "*.${var.metadata_fqdn}"
+  type    = "A"
+
+  alias {
+    name                   = data.kubernetes_service.current.status[0].load_balancer[0].ingress[0].hostname
+    zone_id                = data.aws_elb_hosted_zone_id.current.id
+    evaluate_target_health = true
+  }
+}
diff --git a/aws/cluster/elb-dns/variables.tf b/aws/cluster/elb-dns/variables.tf
@@ -0,0 +1,14 @@
+variable "ingress_service_name" {
+  type        = string
+  description = "Metadata name of the ingress service."
+}
+
+variable "ingress_service_namespace" {
+  type        = string
+  description = "Metadata namespace of the ingress service."
+}
+
+variable "metadata_fqdn" {
+  type        = string
+  description = "Cluster module FQDN."
+}
diff --git a/aws/cluster/elb-dns/versions.tf b/aws/cluster/elb-dns/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+
+  required_version = ">= 0.13"
+}
diff --git a/azurerm/_modules/aks/ingress.tf b/azurerm/_modules/aks/ingress.tf
@@ -12,40 +12,6 @@ resource "azurerm_public_ip" "current" {
   depends_on = [azurerm_kubernetes_cluster.current]
 }
 
-resource "kubernetes_service" "current" {
-  count = var.disable_default_ingress ? 0 : 1
-
-  provider = kubernetes.aks
-
-  metadata {
-    name      = "ingress-kbst-default"
-    namespace = "ingress-kbst-default"
-  }
-
-  spec {
-    type             = "LoadBalancer"
-    load_balancer_ip = azurerm_public_ip.current[0].ip_address
-
-    selector = {
-      "kubestack.com/ingress-default" = "true"
-    }
-
-    port {
-      name        = "http"
-      port        = 80
-      target_port = "http"
-    }
-
-    port {
-      name        = "https"
-      port        = 443
-      target_port = "https"
-    }
-  }
-
-  depends_on = [module.cluster_services]
-}
-
 resource "azurerm_dns_zone" "current" {
   count = var.disable_default_ingress ? 0 : 1
 

diff --git a/azurerm/_modules/aks/outputs.tf b/azurerm/_modules/aks/outputs.tf
@@ -6,3 +6,7 @@ output "kubeconfig" {
   sensitive = true
   value     = data.template_file.kubeconfig.rendered
 }
+
+output "default_ingress_ip" {
+  value = length(azurerm_public_ip.current) > 0 ? azurerm_public_ip.current[0].ip_address : null
+}
diff --git a/azurerm/_modules/aks/versions.tf b/azurerm/_modules/aks/versions.tf
@@ -19,12 +19,6 @@ terraform {
       version = ">= 2.0.0"
     }
 
-    kubernetes = {
-      # https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.0.2"
-    }
-
     random = {
       # https://registry.terraform.io/providers/hashicorp/random/latest
       source  = "hashicorp/random"

diff --git a/azurerm/cluster-local/outputs.tf b/azurerm/cluster-local/outputs.tf
@@ -10,3 +10,10 @@ output "kubeconfig" {
   sensitive = true
   value     = module.cluster.kubeconfig
 }
+
+output "default_ingress_ip" {
+  # the cluster module returns an IP as a string
+  # we YAML encode null for cluster-local to provide
+  # a unified output to consumers
+  value = yamlencode(null)
+}
diff --git a/azurerm/cluster/outputs.tf b/azurerm/cluster/outputs.tf
@@ -14,3 +14,7 @@ output "kubeconfig" {
   sensitive = true
   value     = module.cluster.kubeconfig
 }
+
+output "default_ingress_ip" {
+  value = module.cluster.default_ingress_ip
+}
diff --git a/google/_modules/gke/ingress.tf b/google/_modules/gke/ingress.tf
@@ -7,41 +7,6 @@ resource "google_compute_address" "current" {
   name = var.metadata_name
 }
 
-resource "kubernetes_service" "current" {
-  count = var.disable_default_ingress ? 0 : 1
-
-  provider = kubernetes.gke
-
-  metadata {
-    name      = "ingress-kbst-default"
-    namespace = "ingress-kbst-default"
-  }
-
-  spec {
-    type             = "LoadBalancer"
-    load_balancer_ip = google_compute_address.current[0].address
-
-    selector = {
-      "kubestack.com/ingress-default" = "true"
-    }
-
-    port {
-      name        = "http"
-      port        = 80
-      target_port = "http"
-    }
-
-    port {
-      name        = "https"
-      port        = 443
-      target_port = "https"
-    }
-  }
-
-  # the cluster_services module creates the ingress-kbst-default namespace
-  depends_on = [module.cluster_services]
-}
-
 resource "google_dns_managed_zone" "current" {
   count = var.disable_default_ingress ? 0 : 1
 

diff --git a/google/_modules/gke/outputs.tf b/google/_modules/gke/outputs.tf
@@ -1,3 +1,7 @@
 output "kubeconfig" {
   value = data.template_file.kubeconfig.rendered
 }
+
+output "default_ingress_ip" {
+  value = length(google_compute_address.current) > 0 ? google_compute_address.current[0].address : null
+}
diff --git a/google/_modules/gke/versions.tf b/google/_modules/gke/versions.tf
@@ -12,12 +12,6 @@ terraform {
       source  = "hashicorp/google"
       version = ">= 3.55.0"
     }
-
-    kubernetes = {
-      # https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.0.2"
-    }
   }
 
   required_version = ">= 0.13"

diff --git a/google/cluster-local/outputs.tf b/google/cluster-local/outputs.tf
@@ -9,3 +9,10 @@ output "current_metadata" {
 output "kubeconfig" {
   value = module.cluster.kubeconfig
 }
+
+output "default_ingress_ip" {
+  # the cluster module returns an IP as a string
+  # we YAML encode null for cluster-local to provide
+  # a unified output to consumers
+  value = yamlencode(null)
+}
diff --git a/google/cluster/outputs.tf b/google/cluster/outputs.tf
@@ -9,3 +9,7 @@ output "current_metadata" {
 output "kubeconfig" {
   value = module.cluster.kubeconfig
 }
+
+output "default_ingress_ip" {
+  value = module.cluster.default_ingress_ip
+}