fixed ingress namespace not applied

kube-hetzner · Jan 6, 2024 · f0bbbf6 · f0bbbf6
1 parent bf718f4
commit f0bbbf6
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 29 deletions.
diff --git a/init.tf b/init.tf
@@ -160,7 +160,7 @@ resource "null_resource" "kustomization" {
       {
         version          = var.traefik_version
         values           = indent(4, trimspace(local.traefik_values))
-        target_namespace = local.ingress_target_namespace
+        target_namespace = local.ingress_controller_namespace
     })
     destination = "/var/post_install/traefik_ingress.yaml"
   }
@@ -172,7 +172,7 @@ resource "null_resource" "kustomization" {
       {
         version          = var.nginx_version
         values           = indent(4, trimspace(local.nginx_values))
-        target_namespace = local.ingress_target_namespace
+        target_namespace = local.ingress_controller_namespace
     })
     destination = "/var/post_install/nginx_ingress.yaml"
   }
@@ -323,7 +323,7 @@ resource "null_resource" "kustomization" {
       local.has_external_load_balancer ? [] : [
         <<-EOT
       timeout 360 bash <<EOF
-      until [ -n "\$(kubectl get -n ${lookup(local.ingress_controller_namespace_names, local.ingress_controller)} service/${lookup(local.ingress_controller_service_names, local.ingress_controller)} --output=jsonpath='{.status.loadBalancer.ingress[0].${var.lb_hostname != "" ? "hostname" : "ip"}}' 2> /dev/null)" ]; do
+      until [ -n "\$(kubectl get -n ${local.ingress_controller_namespace} service/${lookup(local.ingress_controller_service_names, var.ingress_controller)} --output=jsonpath='{.status.loadBalancer.ingress[0].${var.lb_hostname != "" ? "hostname" : "ip"}}' 2> /dev/null)" ]; do
           echo "Waiting for load-balancer to get an IP..."
           sleep 2
       done

diff --git a/kube.tf.example b/kube.tf.example
@@ -413,7 +413,8 @@ module "kube-hetzner" {
   # After the cluster is deployed, you can always use HelmChartConfig definition to tweak the configuration.
   # If you want to disable both controllers set this to "none"
   # ingress_controller = "nginx"
-  # ingress_target_namespace = "" // In which namespace to deploy the ingress controllers. Defaults to the ingress_controller variable, eg (nginx, traefik)
+  # Namespace in which to deploy the ingress controllers. Defaults to the ingress_controller variable, eg (nginx, traefik)
+  # ingress_target_namespace = ""
 
   # You can change the number of replicas for selected ingress controller here. The default 0 means autoselecting based on number of agent nodes (1 node = 1 replica, 2 nodes = 2 replicas, 3+ nodes = 3 replicas)
   # ingress_replica_count = 1

diff --git a/locals.tf b/locals.tf
@@ -80,7 +80,7 @@ locals {
         "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
       ],
       var.disable_hetzner_csi ? [] : ["hcloud-csi.yml"],
-      lookup(local.ingress_controller_install_resources, local.ingress_controller, []),
+      lookup(local.ingress_controller_install_resources, var.ingress_controller, []),
       lookup(local.cni_install_resources, var.cni_plugin, []),
       var.enable_longhorn ? ["longhorn.yaml"] : [],
       var.enable_csi_driver_smb ? ["csi-driver-smb.yaml"] : [],
@@ -169,16 +169,27 @@ locals {
 
   using_klipper_lb = var.enable_klipper_metal_lb || local.is_single_node_cluster
 
-  has_external_load_balancer = local.using_klipper_lb || local.ingress_controller == "none"
+  has_external_load_balancer = local.using_klipper_lb || var.ingress_controller == "none"
   load_balancer_name         = "${var.cluster_name}-${var.ingress_controller}"
 
+  ingress_controller_service_names = {
+    "traefik" = "traefik"
+    "nginx"   = "nginx-ingress-nginx-controller"
+  }
+
+  ingress_controller_install_resources = {
+    "traefik" = ["traefik_ingress.yaml"]
+    "nginx"   = ["nginx_ingress.yaml"]
+  }
+
   default_ingress_namespace_mapping = {
     "traefik" = "traefik"
     "nginx"   = "nginx"
   }
-  ingress_target_namespace  = var.ingress_target_namespace != "" ? var.ingress_target_namespace : lookup(local.default_ingress_namespace_mapping, var.ingress_controller, "")
-  ingress_replica_count     = (var.ingress_replica_count > 0) ? var.ingress_replica_count : (local.agent_count > 2) ? 3 : (local.agent_count == 2) ? 2 : 1
-  ingress_max_replica_count = (var.ingress_max_replica_count > local.ingress_replica_count) ? var.ingress_max_replica_count : local.ingress_replica_count
+
+  ingress_controller_namespace = var.ingress_target_namespace != "" ? var.ingress_target_namespace : lookup(local.default_ingress_namespace_mapping, var.ingress_controller, "")
+  ingress_replica_count        = (var.ingress_replica_count > 0) ? var.ingress_replica_count : (local.agent_count > 2) ? 3 : (local.agent_count == 2) ? 2 : 1
+  ingress_max_replica_count    = (var.ingress_max_replica_count > local.ingress_replica_count) ? var.ingress_max_replica_count : local.ingress_replica_count
 
   # disable k3s extras
   disable_extras = concat(var.enable_local_storage ? [] : ["local-storage"], local.using_klipper_lb ? [] : ["servicelb"], ["traefik"], var.enable_metrics_server ? [] : ["metrics-server"])
@@ -361,23 +372,6 @@ locals {
   kube_controller_manager_arg = "flex-volume-plugin-dir=/var/lib/kubelet/volumeplugins"
   flannel_iface               = "eth1"
 
-  ingress_controller = var.ingress_controller
-
-  ingress_controller_service_names = {
-    "traefik" = "traefik"
-    "nginx"   = "nginx-ingress-nginx-controller"
-  }
-
-  ingress_controller_namespace_names = {
-    "traefik" = "traefik"
-    "nginx"   = "nginx"
-  }
-
-  ingress_controller_install_resources = {
-    "traefik" = ["traefik_ingress.yaml"]
-    "nginx"   = ["nginx_ingress.yaml"]
-  }
-
   cilium_values = var.cilium_values != "" ? var.cilium_values : <<EOT
 # Enable Kubernetes host-scope IPAM mode (required for K3s + Hetzner CCM)
 ipam:
@@ -588,7 +582,7 @@ podDisruptionBudget:
 %{endif~}
 additionalArguments:
   - "--entrypoints.tcp=true"
-  - "--providers.kubernetesingress.ingressendpoint.publishedservice=${local.ingress_target_namespace}/traefik"
+  - "--providers.kubernetesingress.ingressendpoint.publishedservice=${local.ingress_controller_namespace}/traefik"
 %{for option in var.traefik_additional_options~}
   - "${option}"
 %{endfor~}

diff --git a/values-export.tf b/values-export.tf
@@ -27,14 +27,14 @@ resource "local_file" "longhorn_values" {
 }
 
 resource "local_file" "traefik_values" {
-  count           = var.export_values && local.ingress_controller == "traefik" ? 1 : 0
+  count           = var.export_values && var.ingress_controller == "traefik" ? 1 : 0
   content         = local.traefik_values
   filename        = "traefik_values.yaml"
   file_permission = "600"
 }
 
 resource "local_file" "nginx_values" {
-  count           = var.export_values && local.ingress_controller == "nginx" ? 1 : 0
+  count           = var.export_values && var.ingress_controller == "nginx" ? 1 : 0
   content         = local.nginx_values
   filename        = "nginx_values.yaml"
   file_permission = "600"