diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e0db03
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.terraform/*
diff --git a/README.md b/README.md
index 6987a38..4595f90 100644
--- a/README.md
+++ b/README.md
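Review bot: `.terraform/*` only excludes the provider/module cache; a local `terraform init`/`apply` run against this repository would still leave `terraform.tfstate`, `*.tfstate.backup` and any `*.tfvars` committable, and state for this module carries the IAM role ARN and other account-specific detail. Consider adding `*.tfstate`, `*.tfstate.*`, `*.tfvars` and `crash.log` alongside the existing pattern.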
@@ -28,19 +28,18 @@ A terraform module to deploy an Application Load Balancer (ALB) Ingress Controll
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| cluster\_identity\_oidc\_issuer | n/a | `any` | n/a | yes |
-| cluster\_identity\_oidc\_issuer\_arn | n/a | `any` | n/a | yes |
-| cluster\_name | n/a | `any` | n/a | yes |
+| cluster\_identity\_oidc\_issuer | The OIDC Identity issuer for the cluster | `string` | n/a | yes |
+| cluster\_identity\_oidc\_issuer\_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | `string` | n/a | yes |
+| cluster\_name | The name of the cluster | `string` | n/a | yes |
 | enabled | n/a | `bool` | n/a | yes |
 | helm\_chart\_name | n/a | `string` | `"aws-alb-ingress-controller"` | no |
 | helm\_chart\_version | n/a | `string` | `"0.1.13"` | no |
 | helm\_release\_name | n/a | `string` | `"aws-alb-ingress-controller"` | no |
 | helm\_repo\_url | n/a | `string` | `"http://storage.googleapis.com/kubernetes-charts-incubator"` | no |
-| ingress\_class | n/a | `string` | `"alb-ingress"` | no |
 | k8s\_namespace | The k8s namespace in which the alb-ingress service account has been created | `string` | `"alb-ingress"` | no |
 | k8s\_service\_account\_name | The k8s alb-ingress service account name | `string` | `"aws-alb-ingress-controller"` | no |
 | mod\_dependency | Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable | `any` | `null` | no |
-| replica\_count | n/a | `number` | `2` | no |
+| settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/incubator/aws-alb-ingress-controller | `map(any)` | `{}` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index 210a58a..eb625c0 100644
--- a/main.tf
+++ b/main.tf
@@ -7,14 +7,32 @@ resource "helm_release" "alb_ingress" {
 namespace = var.k8s_namespace
 version = var.helm_chart_version
- values = [
- "${templatefile("${path.module}/templates/values.yaml.tpl",
- {
- "cluster_name" = var.cluster_name,
- "alb_ingress_iam_role_arn" = aws_iam_role.alb_ingress[0].arn
- "replica_count" = var.replica_count
- "ingress_class" = var.ingress_class
- })
- }"
- ]
+ set {
+ name = "clusterName"
+ value = var.cluster_name
+ }
+
+ set {
+ name = "rbac.create"
+ value = "true"
+ }
+
+ set {
+ name = "rbac.serviceAccount.create"
+ value = "true"
+ }
+
+ set {
+ name = "rbac.serviceAccountAnnotations.eks\\.amazonaws\\.com/role-arn"
+ value = aws_iam_role.alb_ingress[0].arn
+ }
+
+ dynamic "set" {
+ for_each = var.settings
+
+ content {
+ name = set.key
+ value = set.value
+ }
+ }
 }
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
deleted file mode 100644
index b027095..0000000
--- a/templates/values.yaml.tpl
+++ /dev/null
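Review bot: The new `set` blocks re-establish only `clusterName` and the RBAC/service-account settings from the deleted values template; the image pin (`image.tag: "v1.1.5"`), the `resources` requests/limits, `replicaCount` and `autoDiscoverAwsRegion`/`autoDiscoverAwsVpcID` are not carried over, so each now falls back to whatever the chart at `var.helm_chart_version` defaults to. The dropped image pin is the one most worth restoring explicitly, e.g. `set { name = "image.tag" value = "v1.1.5" }` (or a `var.image_tag` with that default), so the controller binary no longer floats with the chart version; the replica count and region/VPC auto-discovery should at least be documented as values callers are now expected to pass through `settings`. The `dynamic "set"` over `var.settings` also means a caller may supply `clusterName` or the role-arn annotation key and collide with the fixed blocks; if that is not intended, a `validation` block on `var.settings` rejecting those keys would make the module's invariants explicit. The enclosing `helm_release` resource starts before this hunk.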
@@ -1,32 +0,0 @@
-## Resources created by the ALB Ingress controller will be prefixed with this string
-## Required
-clusterName: ${ cluster_name }
-
-scope:
- ## If provided, the ALB ingress controller will only act on Ingress resources annotated with this class
- ## Ref: https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/master/docs/guide/controller/config.md#limiting-ingress-class
- ingressClass: ${ ingress_class }
-
-rbac:
- create: true
- serviceAccountAnnotations:
- eks.amazonaws.com/role-arn: ${ alb_ingress_iam_role_arn }
-
-resources:
- requests:
- memory: "64Mi"
- limits:
- memory: "128Mi"
-
-image:
- repository: docker.io/amazon/aws-alb-ingress-controller
- tag: "v1.1.5"
- pullPolicy: IfNotPresent
-
-replicaCount: ${ replica_count }
-
-## Auto Discover awsRegion from ec2metadata, set this to true and omit awsRegion when ec2metadata is available.
-autoDiscoverAwsRegion: true
-
-## Auto Discover awsVpcID from ec2metadata, set this to true and omit awsVpcID: " when ec2metadata is available.
-autoDiscoverAwsVpcID: true
diff --git a/variables.tf b/variables.tf
index 2a2312f..99dcd62 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,21 +1,24 @@
 # Required module inputs
-variable "cluster_name" {}
-variable "cluster_identity_oidc_issuer" {}
-variable "cluster_identity_oidc_issuer_arn" {}
-
-# alb-ingress
+variable "cluster_name" {
+ type = string
+ description = "The name of the cluster"
+}
-variable "enabled" {
- type = bool
+variable "cluster_identity_oidc_issuer" {
+ type = string
+ description = "The OIDC Identity issuer for the cluster"
 }
-variable "replica_count" {
- default = 2
+variable "cluster_identity_oidc_issuer_arn" {
+ type = string
+ description = "The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account"
 }
-variable "ingress_class" {
- default = "alb-ingress"
+# alb-ingress
+
+variable "enabled" {
+ type = bool
 }
 # Helm
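Review bot: Removing `replica_count` and `ingress_class` from variables.tf is a breaking change for existing callers: any root module still passing them will fail with an unsupported-argument error, and with no ingress class set the controller falls back to its upstream default (`alb`, per the config guide the deleted template linked) instead of this module's former `"alb-ingress"`, so Ingress objects annotated with the old class would quietly stop being reconciled after an upgrade. If the removal is intentional, a README/CHANGELOG upgrade note giving the `settings` equivalent, e.g. `settings = { "scope.ingressClass" = "alb-ingress", replicaCount = "2" }`, would let consumers migrate without a surprise outage. The newly typed required inputs could also carry a `validation` block — for instance that `cluster_identity_oidc_issuer_arn` starts with `arn:` — so a mis-wired issuer fails at plan time rather than as a broken IRSA trust policy.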
@@ -52,3 +55,9 @@ variable "mod_dependency" {
 default = null
 description = "Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable"
 }
+
+variable "settings" {
+ type = map(any)
+ default = {}
+ description = "Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/incubator/aws-alb-ingress-controller"
+}
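Review bot: `type = map(any)` is looser than the consumer needs: every entry becomes the string `value` of a helm `set` block, so `type = map(string)` states the contract directly and gives callers a clearer error than relying on Terraform unifying a mixed-type literal. The description should also say that these values are written verbatim into the plan output and the release state, so `settings` is not a channel for secrets, and that keys the module already sets (`clusterName`, `rbac.*`) should not be repeated here.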