fix: sync ingress-nginx version and labels

Signed-off-by: Kevin Lefevre <[email protected]>
particuleio · Nov 8, 2020 · 7f3d1b9 · 7f3d1b9
1 parent f9ed868
commit 7f3d1b9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/ingress-nginx.tf b/ingress-nginx.tf
@@ -7,8 +7,6 @@ locals {
       namespace              = "ingress-nginx"
       chart                  = "ingress-nginx"
       repository             = "https://kubernetes.github.io/ingress-nginx"
-      use_nlb                = false
-      use_l7                 = false
       enabled                = false
       default_network_policy = true
       ingress_cidrs          = ["0.0.0.0/0"]
@@ -34,10 +32,9 @@ controller:
     enabled: true
   priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
 podSecurityPolicy:
-  enabled: true
+  enabled: false
 VALUES
 
-
 }
 
 resource "kubernetes_namespace" "ingress-nginx" {
@@ -145,11 +142,11 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_ingress" {
 
     ingress {
       ports {
-        port     = "80"
+        port     = "http"
         protocol = "TCP"
       }
       ports {
-        port     = "443"
+        port     = "https"
         protocol = "TCP"
       }
 
@@ -217,7 +214,7 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_control_plane" {
 
     ingress {
       ports {
-        port     = "8443"
+        port     = "webhook"
         protocol = "TCP"
       }
 

diff --git a/modules/scaleway/ingress-nginx.tf b/modules/scaleway/ingress-nginx.tf
@@ -9,9 +9,9 @@ locals {
       repository             = "https://kubernetes.github.io/ingress-nginx"
       enabled                = false
       default_network_policy = true
-      ingress_cidr           = "0.0.0.0/0"
-      chart_version          = "2.15.0"
-      version                = "0.35.0"
+      ingress_cidrs          = ["0.0.0.0/0"]
+      chart_version          = "3.8.0"
+      version                = "0.41.0"
       allowed_cidrs          = ["0.0.0.0/0"]
     },
     var.ingress-nginx
@@ -148,17 +148,20 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_ingress" {
 
     ingress {
       ports {
-        port     = "80"
+        port     = "http"
         protocol = "TCP"
       }
       ports {
-        port     = "443"
+        port     = "https"
         protocol = "TCP"
       }
 
-      from {
-        ip_block {
-          cidr = local.ingress-nginx["ingress_cidr"]
+      dynamic "from" {
+        for_each = local.ingress-nginx["ingress_cidrs"]
+        content {
+          ip_block {
+            cidr = from.value
+          }
         }
       }
     }
@@ -168,7 +171,7 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_ingress" {
 }
 
 resource "kubernetes_network_policy" "ingress-nginx_allow_monitoring" {
-  count = local.ingress-nginx["enabled"] && local.ingress-nginx["default_network_policy"] && local.kube-prometheus-stack["enabled"] ? 1 : 0
+  count = local.ingress-nginx["enabled"] && local.ingress-nginx["default_network_policy"] ? 1 : 0
 
   metadata {
     name      = "${kubernetes_namespace.ingress-nginx.*.metadata.0.name[count.index]}-allow-monitoring"
@@ -188,7 +191,7 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_monitoring" {
       from {
         namespace_selector {
           match_labels = {
-            name = kubernetes_namespace.kube-prometheus-stack.*.metadata.0.name[count.index]
+            "${local.labels_prefix}/component" = "monitoring"
           }
         }
       }
@@ -217,7 +220,7 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_control_plane" {
 
     ingress {
       ports {
-        port     = "8443"
+        port     = "webhook"
         protocol = "TCP"
       }