From f523e7057f57d9e5fe814b38bb2909cd520af260 Mon Sep 17 00:00:00 2001
From: optocoupler <risto.markovski@xenit.se>
Date: Mon, 18 Nov 2024 14:34:59 +0100
Subject: [PATCH] fix: gateway_envoy seemless integration (#1254)

* Lars is a genius

---------

Co-authored-by: Risto Markovski <risto.markovski@unbox.onmicrosoft.com>
---
 modules/kubernetes/aks-core/README.md         |  3 +--
 modules/kubernetes/aks-core/modules.tf        |  4 ++--
 modules/kubernetes/aks-core/variables.tf      | 22 +++++++++----------
 modules/kubernetes/envoy-gateway/README.md    |  2 +-
 modules/kubernetes/envoy-gateway/variables.tf |  3 ++-
 validation/kubernetes/aks-core/main.tf        | 16 +++++++++-----
 6 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/modules/kubernetes/aks-core/README.md b/modules/kubernetes/aks-core/README.md
index 17aeff090..6e233d72d 100644
--- a/modules/kubernetes/aks-core/README.md
+++ b/modules/kubernetes/aks-core/README.md
@@ -145,8 +145,7 @@ This module is used to create AKS clusters.
 | <a name="input_defender_enabled"></a> [defender\_enabled](#input\_defender\_enabled) | If Defender for Containers should be enabled | `bool` | `false` | no |
 | <a name="input_dns_zones"></a> [dns\_zones](#input\_dns\_zones) | List of DNS Zones | `list(string)` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment name to use for the deploy | `string` | n/a | yes |
-| <a name="input_envoy_gateway_config"></a> [envoy\_gateway\_config](#input\_envoy\_gateway\_config) | Envoy gateway configuration | <pre>object({<br/>    logging_level             = optional(string, "info")<br/>    replicas_count            = optional(number, 2)<br/>    resources_memory_limit    = optional(string, "")<br/>    resources_cpu_requests    = optional(string, "")<br/>    resources_memory_requests = optional(string, "")<br/>  })</pre> | n/a | yes |
-| <a name="input_envoy_gateway_enabled"></a> [envoy\_gateway\_enabled](#input\_envoy\_gateway\_enabled) | Should we deploy envoy-gateway | `bool` | `false` | no |
+| <a name="input_envoy_gateway"></a> [envoy\_gateway](#input\_envoy\_gateway) | Should we deploy envoy-gateway | <pre>object({<br/>    enabled = optional(bool, false)<br/>    envoy_gateway_config = optional(object({<br/>      logging_level             = optional(string, "info")<br/>      replicas_count            = optional(number, 2)<br/>      resources_memory_limit    = optional(string, "")<br/>      resources_cpu_requests    = optional(string, "")<br/>      resources_memory_requests = optional(string, "")<br/>    }), {})<br/>  })</pre> | `{}` | no |
 | <a name="input_envoy_tls_policy_enabled"></a> [envoy\_tls\_policy\_enabled](#input\_envoy\_tls\_policy\_enabled) | An option to remove the gatekeeper mutation for tls settings | `bool` | `false` | no |
 | <a name="input_external_dns_config"></a> [external\_dns\_config](#input\_external\_dns\_config) | ExternalDNS config | <pre>object({<br/>    extra_args = optional(list(string), [])<br/>    sources    = optional(list(string), ["ingress", "service"])<br/>  })</pre> | `{}` | no |
 | <a name="input_external_dns_enabled"></a> [external\_dns\_enabled](#input\_external\_dns\_enabled) | Should External DNS be enabled | `bool` | `true` | no |
diff --git a/modules/kubernetes/aks-core/modules.tf b/modules/kubernetes/aks-core/modules.tf
index a8d323b86..03648b805 100644
--- a/modules/kubernetes/aks-core/modules.tf
+++ b/modules/kubernetes/aks-core/modules.tf
@@ -231,13 +231,13 @@ module "envoy_gateway" {
   for_each = {
     for s in ["envoy_gateway"] :
     s => s
-    if var.envoy_gateway_enabled
+    if var.envoy_gateway.enabled
   }
 
   source = "../../kubernetes/envoy-gateway"
 
   cluster_id           = local.cluster_id
-  envoy_gateway_config = var.envoy_gateway_config
+  envoy_gateway_config = var.envoy_gateway.envoy_gateway_config
 }
 
 module "external_dns" {
diff --git a/modules/kubernetes/aks-core/variables.tf b/modules/kubernetes/aks-core/variables.tf
index b951a69c6..940c61059 100644
--- a/modules/kubernetes/aks-core/variables.tf
+++ b/modules/kubernetes/aks-core/variables.tf
@@ -840,21 +840,19 @@ variable "karpenter_config" {
 }
 
 
-variable "envoy_gateway_enabled" {
+variable "envoy_gateway" {
   description = "Should we deploy envoy-gateway"
-  type        = bool
-  default     = false
-}
-
-variable "envoy_gateway_config" {
-  description = "Envoy gateway configuration"
   type = object({
-    logging_level             = optional(string, "info")
-    replicas_count            = optional(number, 2)
-    resources_memory_limit    = optional(string, "")
-    resources_cpu_requests    = optional(string, "")
-    resources_memory_requests = optional(string, "")
+    enabled = optional(bool, false)
+    envoy_gateway_config = optional(object({
+      logging_level             = optional(string, "info")
+      replicas_count            = optional(number, 2)
+      resources_memory_limit    = optional(string, "")
+      resources_cpu_requests    = optional(string, "")
+      resources_memory_requests = optional(string, "")
+    }), {})
   })
+  default = {}
 }
 
 variable "popeye_enabled" {
diff --git a/modules/kubernetes/envoy-gateway/README.md b/modules/kubernetes/envoy-gateway/README.md
index ba6bc4a71..f22190871 100644
--- a/modules/kubernetes/envoy-gateway/README.md
+++ b/modules/kubernetes/envoy-gateway/README.md
@@ -34,7 +34,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | Unique identifier of the cluster across regions and instances. | `string` | n/a | yes |
-| <a name="input_envoy_gateway_config"></a> [envoy\_gateway\_config](#input\_envoy\_gateway\_config) | Configuration for the username and password | <pre>object({<br/>    logging_level             = optional(string, "info")<br/>    replicas_count            = optional(number, 2)<br/>    resources_memory_limit    = optional(string, "")<br/>    resources_cpu_requests    = optional(string, "")<br/>    resources_memory_requests = optional(string, "")<br/>  })</pre> | n/a | yes |
+| <a name="input_envoy_gateway_config"></a> [envoy\_gateway\_config](#input\_envoy\_gateway\_config) | Configuration for the username and password | <pre>object({<br/>    logging_level             = optional(string, "info")<br/>    replicas_count            = optional(number, 2)<br/>    resources_memory_limit    = optional(string, "")<br/>    resources_cpu_requests    = optional(string, "")<br/>    resources_memory_requests = optional(string, "")<br/>  })</pre> | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/kubernetes/envoy-gateway/variables.tf b/modules/kubernetes/envoy-gateway/variables.tf
index 8a1b636ff..f60a40668 100644
--- a/modules/kubernetes/envoy-gateway/variables.tf
+++ b/modules/kubernetes/envoy-gateway/variables.tf
@@ -12,4 +12,5 @@ variable "envoy_gateway_config" {
     resources_cpu_requests    = optional(string, "")
     resources_memory_requests = optional(string, "")
   })
-}
+  default = {}
+}
\ No newline at end of file
diff --git a/validation/kubernetes/aks-core/main.tf b/validation/kubernetes/aks-core/main.tf
index 946c7aa8c..582484ba0 100644
--- a/validation/kubernetes/aks-core/main.tf
+++ b/validation/kubernetes/aks-core/main.tf
@@ -3,12 +3,16 @@ terraform {
 
 module "aks_core" {
   source = "../../../modules/kubernetes/aks-core"
-  envoy_gateway_config = {
-    logging_level             = "debug"
-    replicas_count            = 42
-    resources_memory_limit    = "30g"
-    resources_cpu_requests    = "5000mi"
-    resources_memory_requests = "50g"
+  envoy_gateway = {
+    enabled = true
+    envoy_gateway_config = {
+      logging_level             = "debug"
+      replicas_count            = 42
+      resources_memory_limit    = "30g"
+      resources_cpu_requests    = "5000mi"
+      resources_memory_requests = "50g"
+    }
+
   }
   grafana_k8s_monitor_config = {
     grafana_cloud_prometheus_host = "sda"