Update ingress-nginx module

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.2.0] - 2023-12-21
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-aws-eks-bootstrap/compare/2.1.0...2.2.0)
+
+### Changed
+
+- update nginx-ingress controller installation module, using the module hosted on [GitHub](https://github.com/sparkfabrik/terraform-helm-ingress-nginx/).
+
 ## [2.1.0] - 2023-12-04
 
 [Compare with previous version](https://github.com/sparkfabrik/terraform-aws-eks-bootstrap/compare/2.0.0...2.1.0)

README.md

@@ -113,7 +113,6 @@ Bootstrap module for AWS EKS cluster.
 | [helm_release.cert_manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ebs](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.metric_server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.cert_manager_cluster_issuer](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -125,9 +124,9 @@ Bootstrap module for AWS EKS cluster.
 | [kubernetes_namespace.cert_manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.customer_application](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_namespace.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.metric_server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace_v1.ingress_nginx](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
 | [random_id.resources_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
@@ -144,6 +143,7 @@ Bootstrap module for AWS EKS cluster.
 | <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.13 |
 | <a name="module_firestarter_operations"></a> [firestarter\_operations](#module\_firestarter\_operations) | ./modules/firestarter-operations | n/a |
 | <a name="module_gitlab_runner"></a> [gitlab\_runner](#module\_gitlab\_runner) | github.com/sparkfabrik/terraform-aws-eks-gitlab-runner | 4e020f8 |
+| <a name="module_ingress_nginx"></a> [ingress\_nginx](#module\_ingress\_nginx) | github.com/sparkfabrik/terraform-helm-ingress-nginx | 0.3.0 |
 | <a name="module_kube_prometheus_stack"></a> [kube\_prometheus\_stack](#module\_kube\_prometheus\_stack) | github.com/sparkfabrik/terraform-sparkfabrik-prometheus-stack | 3.0.0 |
 | <a name="module_load_balancer_controller_irsa_role"></a> [load\_balancer\_controller\_irsa\_role](#module\_load\_balancer\_controller\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.17 |
 | <a name="module_node_termination_handler_irsa_role"></a> [node\_termination\_handler\_irsa\_role](#module\_node\_termination\_handler\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.17 |

UPGRADING.md

@@ -0,0 +1,34 @@
+# Upgrading from 2.1.X to 2.2.0
+
+Upgrading to `2.2.0` from `2.1.X` will destroy and recreate the ingress nginx controller resource since now we're using the external module hosted on [GitHub](https://github.com/sparkfabrik/terraform-helm-ingress-nginx/).
+To avoid that you will need to use the `moved` resource:
+
+```hcl
+moved {
+  from = module.MODULE_NAME.helm_release.ingress_nginx_release
+  to   = module.MODULE_NAME.helm_release.this
+}
+```
+
+Upgrading to `2.2.0` from `2.1.X` will also destroy and recreate the namespace, which is caused by the change of the `kubernetes_namespace` to `kubernetes_namespace_v1` resource.
+You will need to import the new resource with the name of the current namespace.
+You can do it using the `import` resource to import the new resource using the id of the old one:
+
+```hcl
+import {
+  to = module.MODULE_NAME.kubernetes_namespace_v1.this[0]
+  id = NS_NAME
+}
+```
+
+Or manually using the terraform cli:
+
+```bash
+terraform import module.MODULE_NAME.kubernetes_namespace_v1.this[0] NS_NAME
+```
+
+And then you have to remove manually the old one from the state:
+
+```bash
+terraform state rm module.MODULE_NAME.kubernetes_namespace.ingress_nginx
+```

files/ingress-nginx/values.yaml

@@ -1,42 +1,26 @@
 ## nginx configuration
 ## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/index.md
 ##
-## AWS specific deployment: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/aws/deploy.yaml
-## Available at https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/values.yaml
+## AWS specific deployment: https://github.com/kubernetes/ingress-nginx/blob/helm-chart-4.8.3/deploy/static/provider/aws/deploy.yaml
+## Available at https://github.com/kubernetes/ingress-nginx/blob/helm-chart-4.8.3/charts/ingress-nginx/values.yaml
 controller:
   # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
   config:
-    ssl-redirect: "true"
-    proxy-body-size: "0"
     body-size: "0"
-    proxy-buffer-size: "128k"
+    hsts-include-subdomains: "false"
     proxy-buffers: "4 256k"
     proxy-busy-buffers-size: "256k"
-    proxy-connect-timeout: "15"
-    proxy-read-timeout: "600"
-    proxy-send-imeout: "600"
-    hsts-include-subdomains: "false"
-    server-name-hash-bucket-size: "256"
+    ssl-redirect: "true"
 
   metrics:
     enabled: true
 
-    serviceMonitor:
-      enabled: false
-
   # Mutually exclusive with keda autoscaling
   autoscaling:
-    enabled: true
     minReplicas: 2
     maxReplicas: 4
-    targetCPUUtilizationPercentage: 80
-    targetMemoryUtilizationPercentage: 80
 
   service:
-    ## Set external traffic policy to: "Local" to preserve source IP on
-    ## providers supporting it
-    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
-    externalTrafficPolicy: "Local"
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
       service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
@@ -45,6 +29,3 @@ controller:
       service.beta.kubernetes.io/aws-load-balancer-type: nlb    
       proxy-real-ip-cidr: ${vpc_cidr_block}
       service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "name=${aws_load_balancer_name}"
-## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266
-rbac:
-  create: true

ingress-nginx.tf

@@ -4,11 +4,11 @@ locals {
   ingress_nginx_nlb_name = "ingress-nginx-nlb"
 
   default_ingress_nginx_helm_config = {
-    name                   = "ingress-nginx"
-    repository             = "https://kubernetes.github.io/ingress-nginx"
-    helm_release_name      = "ingress-nginx"
-    chart_version          = "4.6.0"
-    namespace              = "ingress-nginx"    
+    name              = "ingress-nginx"
+    repository        = "https://kubernetes.github.io/ingress-nginx"
+    helm_release_name = "ingress-nginx"
+    chart_version     = "4.8.3"
+    namespace         = "ingress-nginx"
   }
 
   ingress_nginx_helm_config = merge(
@@ -19,32 +19,37 @@ locals {
   ingress_nginx_config = templatefile(
     "${path.module}/files/ingress-nginx/values.yaml",
     {
-      vpc_cidr_block = var.vpc_cidr_block
+      vpc_cidr_block         = var.vpc_cidr_block
       aws_load_balancer_name = local.ingress_nginx_nlb_name
     }
   )
 }
 
-resource "kubernetes_namespace" "ingress_nginx" {
+resource "kubernetes_namespace_v1" "ingress_nginx" {
   count = try(local.ingress_nginx_helm_config["create_namespace"], true) && local.ingress_nginx_helm_config["namespace"] != "kube-system" && var.enable_ingress_nginx ? 1 : 0
 
   metadata {
+    labels = {
+      name = local.ingress_nginx_helm_config["namespace"]
+    }
     name = local.ingress_nginx_helm_config["namespace"]
   }
-}
 
-resource "helm_release" "ingress_nginx" {
-  count = var.enable_ingress_nginx ? 1 : 0
+  lifecycle {
+    ignore_changes = [metadata[0].labels["sparkfabrik/core"]]
+  }
+}
 
-  name       = local.ingress_nginx_helm_config.name
-  repository = local.ingress_nginx_helm_config.repository
-  chart      = local.ingress_nginx_helm_config.helm_release_name
-  namespace  = local.ingress_nginx_helm_config.namespace
-  version    = local.ingress_nginx_helm_config.chart_version
+module "ingress_nginx" {
+  source            = "github.com/sparkfabrik/terraform-helm-ingress-nginx?ref=0.3.0"
+  chart_version     = local.ingress_nginx_helm_config.chart_version
+  create_namespace  = false
+  namespace         = local.ingress_nginx_helm_config.namespace
+  helm_release_name = local.ingress_nginx_helm_config.helm_release_name
 
-  values = [local.ingress_nginx_config]
+  additional_values = [local.ingress_nginx_config]
 
-  depends_on = [kubernetes_namespace.ingress_nginx]
+  depends_on = [kubernetes_namespace_v1.ingress_nginx]
 }
 
 data "aws_lb" "ingress_nginx" {
@@ -54,5 +59,5 @@ data "aws_lb" "ingress_nginx" {
     "name" = local.ingress_nginx_nlb_name
   }
 
-  depends_on = [helm_release.ingress_nginx]
+  depends_on = [ingress_nginx.helm_release.this]
 }