Bumped Nginx Controller, switched to helm chart

madduci · Jan 31, 2025 · 9cd4178 · 9cd4178
1 parent 0d22537
commit 9cd4178
Show file tree

Hide file tree

Showing 11 changed files with 116 additions and 757 deletions.
diff --git a/examples/kind-with-nginx/README.md b/examples/kind-with-nginx/README.md
@@ -46,4 +46,43 @@ export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead
 $TF_BIN destroy
 ```
 
-and all the resources will be deleted.
+and all the resources will be deleted.
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | 2.17.0 |
+| <a name="requirement_kind"></a> [kind](#requirement\_kind) | 0.7.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | 2.35.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.17.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.35.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_kind"></a> [kind](#module\_kind) | ../../modules/kind-cluster | n/a |
+| <a name="module_nginx_ingress"></a> [nginx\_ingress](#module\_nginx\_ingress) | ../../modules/nginx-ingress | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [helm_release.nextcloud](https://registry.terraform.io/providers/hashicorp/helm/2.17.0/docs/resources/release) | resource |
+| [kubernetes_ingress_v1.nextcloud](https://registry.terraform.io/providers/hashicorp/kubernetes/2.35.1/docs/resources/ingress_v1) | resource |
+| [kubernetes_namespace_v1.workshop](https://registry.terraform.io/providers/hashicorp/kubernetes/2.35.1/docs/resources/namespace_v1) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/modules/cilium-mesh/README.md b/modules/cilium-mesh/README.md
@@ -42,7 +42,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_helm_repository"></a> [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://helm.cilium.io/"` | no |
-| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the Cilium Helm Chart to be installed | `string` | `"1.16.5"` | no |
+| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the Cilium Helm Chart to be installed | `string` | `"1.16.6"` | no |
 | <a name="input_node_port_http"></a> [node\_port\_http](#input\_node\_port\_http) | The NodePort for HTTP traffic | `number` | `30000` | no |
 | <a name="input_node_port_https"></a> [node\_port\_https](#input\_node\_port\_https) | The NodePort for HTTPS traffic | `number` | `30001` | no |
 

diff --git a/modules/cilium-mesh/variables.tf b/modules/cilium-mesh/variables.tf
@@ -1,7 +1,7 @@
 variable "helm_version" {
   description = "The version of the Cilium Helm Chart to be installed"
   type        = string
-  default     = "1.16.5"
+  default     = "1.16.6"
   validation {
     condition     = can(regex("^[0-9]+.[0-9]+.[0-9]+$", var.helm_version))
     error_message = "The Helm version must be in the format x.y.z"
@@ -13,8 +13,8 @@ variable "helm_repository" {
   description = "Helm Chart Repository URL"
   default     = "https://helm.cilium.io/"
   validation {
-    condition     = can(regex("https://.*", var.helm_repository))
-    error_message = "The Helm Repository URL must start with https://"
+    condition     = can(regex("https://.*", var.helm_repository)) || can(regex("oci://.*", var.helm_repository))
+    error_message = "The Helm Repository URL must start with https:// or oci://"
   }
 }
 

diff --git a/modules/istio-mesh/variables.tf b/modules/istio-mesh/variables.tf
@@ -23,8 +23,8 @@ variable "helm_repository" {
   description = "Helm Chart Repository URL"
   default     = "https://istio-release.storage.googleapis.com/charts"
   validation {
-    condition     = can(regex("https://.*", var.helm_repository))
-    error_message = "The Helm Repository URL must start with https://"
+    condition     = can(regex("https://.*", var.helm_repository)) || can(regex("oci://.*", var.helm_repository))
+    error_message = "The Helm Repository URL must start with https:// or oci://"
   }
 }
 

diff --git a/modules/kind-cluster/README.md b/modules/kind-cluster/README.md
@@ -10,7 +10,7 @@ Clone this repository and set the path to this module in your Project.
 module "kind" {
     source = "path/to/this/module"
 
-    kubernetes_version = "1.31.4"
+    kubernetes_version = "1.32.1"
     cluster_name = "my_local_cluster"
     worker_nodes = 2 # Create two worker nodes
     kubeconfig_save_path = "./kubeconfig"
@@ -44,7 +44,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Defines the name of the cluster | `string` | `"local-cluster"` | no |
 | <a name="input_kubeconfig_save_path"></a> [kubeconfig\_save\_path](#input\_kubeconfig\_save\_path) | Defines the path to save the kubeconfig file | `string` | `"kubeconfig"` | no |
-| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Defines the kubernetes version to be used | `string` | `"v1.31.4"` | no |
+| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Defines the kubernetes version to be used | `string` | `"v1.32.1"` | no |
 | <a name="input_worker_nodes"></a> [worker\_nodes](#input\_worker\_nodes) | Defines the number of worker nodes to be created | `number` | `1` | no |
 
 ## Outputs

diff --git a/modules/kind-cluster/variables.tf b/modules/kind-cluster/variables.tf
@@ -1,6 +1,6 @@
 variable "kubernetes_version" {
   type        = string
-  default     = "v1.31.4"
+  default     = "v1.32.1"
   description = "Defines the kubernetes version to be used"
   validation {
     condition     = can(regex("v[0-9]+.[0-9]+.[0-9]+", var.kubernetes_version))

diff --git a/modules/nginx-ingress/README.md b/modules/nginx-ingress/README.md
@@ -9,7 +9,7 @@ Clone this repository and set the path to this module in your Project.
 ´´´hcl
 module "nginx_ingress" {
     source = "path/to/this/module"
-    ingress_nginx_version = "1.11.3"
+    helm_version = "4.12.0"
 }
 ´´´
 
@@ -22,6 +22,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
+| <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
 
 ## Modules
@@ -32,38 +33,18 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [kubernetes_cluster_role_binding_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
-| [kubernetes_cluster_role_binding_v1.ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
-| [kubernetes_cluster_role_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
-| [kubernetes_cluster_role_v1.ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
-| [kubernetes_config_map_v1.ingress_nginx_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1) | resource |
-| [kubernetes_deployment_v1.ingress_nginx_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment_v1) | resource |
-| [kubernetes_ingress_class_v1.ingressclass_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_class_v1) | resource |
-| [kubernetes_job_v1.ingress_nginx_admission_create](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/job_v1) | resource |
-| [kubernetes_job_v1.ingress_nginx_admission_patch](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/job_v1) | resource |
+| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_role_binding_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |
-| [kubernetes_role_binding_v1.ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |
-| [kubernetes_role_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_v1) | resource |
-| [kubernetes_role_v1.ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_v1) | resource |
-| [kubernetes_secret_v1.service_account_ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
-| [kubernetes_secret_v1.service_account_ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
-| [kubernetes_service_account_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
-| [kubernetes_service_account_v1.ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
-| [kubernetes_service_v1.ingress_nginx_controller](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_v1) | resource |
-| [kubernetes_service_v1.ingress_nginx_controller_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_v1) | resource |
-| [kubernetes_validating_webhook_configuration_v1.ingress_nginx_admission](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/validating_webhook_configuration_v1) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ingress_nginx_sha256_digest"></a> [ingress\_nginx\_sha256\_digest](#input\_ingress\_nginx\_sha256\_digest) | The sha256 digest of the NGINX Ingress to be installed | `string` | `"d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7"` | no |
-| <a name="input_ingress_nginx_version"></a> [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | The version of the NGINX Ingress to be installed | `string` | `"1.11.3"` | no |
-| <a name="input_ingress_webhook_certgen_sha256_digest"></a> [ingress\_webhook\_certgen\_sha256\_digest](#input\_ingress\_webhook\_certgen\_sha256\_digest) | The sha256 digest of the NGINX Webhook Certificate generator to be installed | `string` | `"a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f"` | no |
-| <a name="input_ingress_webhook_certgen_version"></a> [ingress\_webhook\_certgen\_version](#input\_ingress\_webhook\_certgen\_version) | The version of the NGINX Webhook Certificate generator to be installed | `string` | `"1.4.4"` | no |
+| <a name="input_helm_repository"></a> [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://kubernetes.github.io/ingress-nginx"` | no |
+| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the nginx Ingress Controller Helm Chart to be installed | `string` | `"4.12.0"` | no |
 | <a name="input_local_node_ports"></a> [local\_node\_ports](#input\_local\_node\_ports) | Defines the node ports to use with the local cluster (kind) | <pre>list(object({<br/>    app_protocol = string<br/>    name         = string<br/>    target_port  = string<br/>    protocol     = string<br/>    port         = number<br/>    node_port    = number<br/>  }))</pre> | <pre>[<br/>  {<br/>    "app_protocol": "http",<br/>    "name": "http",<br/>    "node_port": 30000,<br/>    "port": 80,<br/>    "protocol": "TCP",<br/>    "target_port": "http"<br/>  },<br/>  {<br/>    "app_protocol": "https",<br/>    "name": "https",<br/>    "node_port": 30001,<br/>    "port": 443,<br/>    "protocol": "TCP",<br/>    "target_port": "https"<br/>  }<br/>]</pre> | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"ingress-nginx"` | no |
+| <a name="input_toleration_label"></a> [toleration\_label](#input\_toleration\_label) | Defines label to be used for toleration when deploying the Ingress Controller | `string` | `"node-role.kubernetes.io/control-plane"` | no |
 
 ## Outputs