Skip to content

Terraform module to deploy and expose a kubernetes service using Traefik

License

Notifications You must be signed in to change notification settings

alemuro/terraform-kubernetes-expose-service-ingress

Repository files navigation

Terraform Module for exposing a service through an Ingress

This module provides an easy way to deploy pods and to expose them to the Internet by configuring the proper service and ingresses. It has been designed to allow pods with only one container. See examples below.

This module has been designed to work on a K3S cluster with Traefik and files stored locally.

It supports cert-manager for creating Let's Encrypt certificates. Take into consideration that a ClusterIssuer with name "letsencrypt" should be created before using this module.

Supported Ingresses

Currently there is only one ingress supported. Feel free to open PR's to add support for others:

  • Traefik

Providers

Name Version
kubernetes n/a

Inputs

Name Description Type Default Required
image Image name and tag to deploy. string n/a yes
name Name used to identify deployed container and all related resources. string n/a yes
allow_from List of services to allow traffic from list(string) [] no
annotations Annotations added to some components. Only ingress and service supported at the moment.
object({
ingress = optional(map(string), {})
service = optional(map(string), {})
})
{
"ingress": {},
"service": {}
}
no
args List of arguments to pass to the container list(string) [] no
capabilities_add List of capabilities to add to the container. list(string) [] no
cloudflare_domains List of domains that should be exposed through Cloudflare Tunnel. Requires the ingress class 'cloudflare-tunnel' to be configured. list(string) [] no
container_port Container port where to send to requests to. If doesn't exist, service won't be created string null no
domains List of domains that should be configured to route traffic from. list(string) [] no
environment_variables Map with environment variables injected to the containers. map(any) {} no
host_port Host port where to send to requests to. string null no
http Whether to create an ingress for HTTP traffic. bool true no
https Whether to create an ingress for HTTPS traffic. bool true no
image_pull_secret Kubernetes secret storing registry credentials. string "" no
namespace Kubernetes namespace where resources must be created. string "default" no
node_selector Node selector to use when deploying the container. map(string) null no
paths Object mapping local paths to container paths map(any) {} no
pod_additional_ports List of additional ports to expose on the pod.
list(object({
name = string
container_port = string
host_port = string
protocol = string
}))
[] no
privileged Whether to run the container in privileged mode bool false no
pvcs Object that contains the list of PVCs to mount in the container
list(object({
name = string
path = string
sub_path = optional(string, "")
read_only = optional(bool, false)
}))
[] no
resources Map with resources limits and requests.
object({
limits = map(string)
requests = map(string)
})
{
"limits": {},
"requests": {}
}
no
service_port Port configured on the service side to receive requests (routed to the container port). string "80" no
supplemental_groups List of supplemental groups to add to the container. list(string) [] no

Outputs

No outputs.

Examples

On the following example we are deploying Wordpress stack with:

  • 1 x Wordpress: All data is stored on a local folder.
  • 1 x MariaDB (MySQL) database. All data is stored on a local folder.
  • 1 x PHPMyAdmin
module "wordpress" {
  source  = "alemuro/expose-service-ingress/kubernetes"
  version = "1.1.0"

  name           = "wordpress-example"
  image          = "wordpress:5"
  domains        = ["wordpress-example.com", "wordpress.example.com"]
  container_port = "80"
  paths = {
    "/opt/k3s/wordpress-example" = "/var/www/html"
  }
  pvcs = {
    name = "pvc-name" 
    path = "/tmp/pvc-example"
  }
  environment_variables = {
    WORDPRESS_DB_HOST     = "database"
    WORDPRESS_DB_USER     = "wordpress-example"
    WORDPRESS_DB_PASSWORD = "r@ndomPa$$w0rd!"
    WORDPRESS_DB_NAME     = "wordpress-example"
  }
}

module "database" {
  source  = "alemuro/expose-service-ingress/kubernetes"
  version = "1.1.0"

  name           = "database"
  image          = "mariadb"
  container_port = "3306"
  service_port   = "3306"
  paths = {
    "/opt/k3s/database" = "/var/lib/mysql"
  }
  environment_variables = {
    MYSQL_ALLOW_EMPTY_PASSWORD = "true"
  }
}

module "phpmyadmin" {
  source  = "alemuro/expose-service-ingress/kubernetes"
  version = "1.1.0"

  name           = "phpmyadmin"
  image          = "phpmyadmin"
  domains        = ["phpmyadmin.wordpress-example.com"]
  container_port = "80"

  environment_variables = {
    PMA_HOST            = "database"
    PMA_PORT            = 3306
    MYSQL_ROOT_PASSWORD = "r@ndomPa$$w0rd!"
  }
}

About

Terraform module to deploy and expose a kubernetes service using Traefik

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages