fix nginx-ingress-controller

beam-cloud · Jan 18, 2024 · 86b7a73 · 86b7a73
1 parent b602e58
commit 86b7a73
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 29 deletions.
diff --git a/deploy/aws/AWSLoadBalancerController.json b/deploy/aws/AWSLoadBalancerController.json
@@ -38,7 +38,8 @@
                 "elasticloadbalancing:DescribeTargetGroups",
                 "elasticloadbalancing:DescribeTargetGroupAttributes",
                 "elasticloadbalancing:DescribeTargetHealth",
-                "elasticloadbalancing:DescribeTags"
+                "elasticloadbalancing:DescribeTags",
+                "elasticloadbalancing:AddTags"
             ],
             "Resource": "*"
         },

diff --git a/deploy/aws/main.tf b/deploy/aws/main.tf
@@ -389,6 +389,32 @@ resource "helm_release" "aws-load-balancer-controller" {
   ]
 }
 
+
+resource "helm_release" "nginx_ingress" {
+  name       = "nginx-ingress"
+  repository = "https://charts.bitnami.com/bitnami"
+  chart      = "nginx-ingress-controller"
+  version    = "10.0.1"
+
+  values = [<<EOF
+defaultBackend:
+  enabled: true
+service:
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+    service.beta.kubernetes.io/aws-load-balancer-alpn-policy: "HTTP2Preferred"
+    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "${aws_acm_certificate.ssl_cert.arn}"
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
+EOF
+  ]
+}
+
+
 # S3 Buckets
 resource "aws_s3_bucket" "image_bucket" {
   bucket = "${var.prefix}-image-bucket"

diff --git a/deploy/aws/outputs.tf b/deploy/aws/outputs.tf
@@ -1,28 +0,0 @@
-# output "kubeconfig" {
-#   value = <<KUBECONFIG
-# apiVersion: v1
-# clusters:
-# - cluster:
-#     server: ${data.aws_eks_cluster.cluster.endpoint}
-#     certificate-authority-data: ${data.aws_eks_cluster.cluster.certificate_authority[0].data}
-#   name: ${aws_eks_cluster.cluster.name}
-# contexts:
-# - context:
-#     cluster: ${aws_eks_cluster.cluster.name}
-#     user: ${aws_eks_cluster.cluster.name}
-#   name: ${aws_eks_cluster.cluster.name}
-# current-context: ${aws_eks_cluster.cluster.name}
-# kind: Config
-# preferences: {}
-# users:
-# - name: ${aws_eks_cluster.cluster.name}
-#   user:
-#     exec:
-#       apiVersion: client.authentication.k8s.io/v1beta1
-#       command: aws-iam-authenticator
-#       args:
-#         - "token"
-#         - "-i"
-#         - "${aws_eks_cluster.cluster.name}"
-# KUBECONFIG
-# }