diff --git a/README.md b/README.md index 3f701df..239074c 100644 --- a/README.md +++ b/README.md @@ -206,8 +206,10 @@ worker_groups = { ## karpenter enabled ### NOTES: ### - enabling karpenter automatically disables cluster auto-scaler -### - then enabling karpenter on existing old cluster there is possibility to see cycle-dependency error, to overcome this you need at first to apply main eks module change (`terraform apply --target "module.<eks-module-name>.module.eks-cluster"`) and then rest of cluster-autoloader destroy and karpenter install onse +### - if vpc have been created externally(not inside this module) then you may need to set the following tags on private subnets `karpenter.sh/discovery=<cluster-name>` +### - then enabling karpenter on existing old cluster there is possibility to see cycle-dependency error, to overcome this you need at first to apply main eks module change (`terraform apply --target "module.<eks-module-name>.module.eks-cluster"`) and then rest of cluster-autoloader destroy and karpenter install ones ### - when destroying cluster which have karpenter enabled there is possibility of failure on karpenter resource removal, you need to run destruction one more time to get it complete +### - in order to be able to use spot instances you may need to create AWSServiceRoleForEC2Spot IAM role on aws account(TODO: check and create this role on account module automatically), here is the doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/service-linked-roles-spot-instance-requests.html , otherwise karpenter created `nodeclaim` kubernetes resource will show AuthFailure.ServiceLinkedRoleCreationNotPermitted error ```terraform module "eks" { source = "dasmeta/eks/aws" 
@@ -340,7 +342,7 @@ module "eks" { | <a name="input_map_roles"></a> [map\_roles](#input\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. | <pre>list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> }))</pre> | `[]` | no | | <a name="input_metrics_exporter"></a> [metrics\_exporter](#input\_metrics\_exporter) | Metrics Exporter, can use cloudwatch or adot | `string` | `"adot"` | no | | <a name="input_metrics_server_name"></a> [metrics\_server\_name](#input\_metrics\_server\_name) | n/a | `string` | `"metrics-server"` | no | -| <a name="input_nginx_ingress_controller_config"></a> [nginx\_ingress\_controller\_config](#input\_nginx\_ingress\_controller\_config) | Nginx ingress controller configs | <pre>object({<br> enabled = optional(bool, false)<br> name = optional(string, "nginx")<br> create_namespace = optional(bool, true)<br> namespace = optional(string, "ingress-nginx")<br> replicacount = optional(number, 3)<br> metrics_enabled = optional(bool, true)<br> })</pre> | <pre>{<br> "create_namespace": true,<br> "enabled": false,<br> "metrics_enabled": true,<br> "name": "nginx",<br> "namespace": "ingress-nginx",<br> "replicacount": 3<br>}</pre> | no | +| <a name="input_nginx_ingress_controller_config"></a> [nginx\_ingress\_controller\_config](#input\_nginx\_ingress\_controller\_config) | Nginx ingress controller configs | <pre>object({<br> enabled = optional(bool, false)<br> name = optional(string, "nginx")<br> create_namespace = optional(bool, true)<br> namespace = optional(string, "ingress-nginx")<br> replicacount = optional(number, 3)<br> metrics_enabled = optional(bool, true)<br> configs = optional(any, {}) # Configurations to pass and override default ones. 
Check the helm chart available configs here: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx/4.12.0?modal=values<br> })</pre> | <pre>{<br> "create_namespace": true,<br> "enabled": false,<br> "metrics_enabled": true,<br> "name": "nginx",<br> "namespace": "ingress-nginx",<br> "replicacount": 3<br>}</pre> | no | | <a name="input_node_groups"></a> [node\_groups](#input\_node\_groups) | Map of EKS managed node group definitions to create | `any` | <pre>{<br> "default": {<br> "desired_size": 2,<br> "iam_role_additional_policies": [<br> "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"<br> ],<br> "instance_types": [<br> "t3.large"<br> ],<br> "max_size": 4,<br> "min_size": 2<br> }<br>}</pre> | no | | <a name="input_node_groups_default"></a> [node\_groups\_default](#input\_node\_groups\_default) | Map of EKS managed node group default configurations | `any` | <pre>{<br> "disk_size": 50,<br> "iam_role_additional_policies": [<br> "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"<br> ],<br> "instance_types": [<br> "t3.large"<br> ]<br>}</pre> | no | | <a name="input_node_security_group_additional_rules"></a> [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | n/a | `any` | <pre>{<br> "ingress_cluster_10250": {<br> "description": "Metric server to node groups",<br> "from_port": 10250,<br> "protocol": "tcp",<br> "self": true,<br> "to_port": 10250,<br> "type": "ingress"<br> }<br>}</pre> | no | diff --git a/main.tf b/main.tf index cafbd8f..679af11 100644 --- a/main.tf +++ b/main.tf 
@@ -209,8 +209,10 @@ * ## karpenter enabled * ### NOTES: * ### - enabling karpenter automatically disables cluster auto-scaler - * ### - then enabling karpenter on existing old cluster there is possibility to see cycle-dependency error, to overcome this you need at first to apply main eks module change (`terraform apply --target "module.<eks-module-name>.module.eks-cluster"`) and then rest of cluster-autoloader destroy and karpenter install onse + * ### - if vpc have been created externally(not inside this module) then you may need to set the following tags on private subnets `karpenter.sh/discovery=<cluster-name>` + * ### - then enabling karpenter on existing old cluster there is possibility to see cycle-dependency error, to overcome this you need at first to apply main eks module change (`terraform apply --target "module.<eks-module-name>.module.eks-cluster"`) and then rest of cluster-autoloader destroy and karpenter install ones * ### - when destroying cluster which have karpenter enabled there is possibility of failure on karpenter resource removal, you need to run destruction one more time to get it complete + * ### - in order to be able to use spot instances you may need to create AWSServiceRoleForEC2Spot IAM role on aws account(TODO: check and create this role on account module automatically), here is the doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/service-linked-roles-spot-instance-requests.html , otherwise karpenter created `nodeclaim` kubernetes resource will show AuthFailure.ServiceLinkedRoleCreationNotPermitted error * ```terraform * module "eks" { * source = "dasmeta/eks/aws" diff --git a/modules/nginx-ingress-controller/README.md b/modules/nginx-ingress-controller/README.md index 31316b5..1371af7 100644 --- a/modules/nginx-ingress-controller/README.md +++ b/modules/nginx-ingress-controller/README.md 
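Review bot: The typo fix on the re-added karpenter bullet still lands on the wrong word: `onse` became `ones`, but the sentence means "destroy cluster-autoscaler and install karpenter once", so it should read `... and then rest of cluster-autoscaler destroy and karpenter install once` (`cluster-autoloader` on the same line presumably means `cluster-autoscaler`, which the bullet above spells `cluster auto-scaler`). The same text is duplicated in the README.md hunk at line 206, so both copies need the same correction. The new subnet-tag bullet would also read more clearly as `if the VPC was created externally (not by this module), you may need to tag the private subnets with karpenter.sh/discovery=<cluster-name>`.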
@@ -15,7 +15,9 @@ ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| <a name="module_custom_default_configs_merged"></a> [custom\_default\_configs\_merged](#module\_custom\_default\_configs\_merged) | cloudposse/config/yaml//modules/deepmerge | 1.0.2 | ## Resources @@ -27,7 +29,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The app chart version | `string` | `"4.11.3"` | no | +| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The app chart version | `string` | `"4.12.0"` | no | +| <a name="input_configs"></a> [configs](#input\_configs) | Configurations to pass and override default ones. Check the helm chart available configs here: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx/4.12.0?modal=values | `any` | `{}` | no | | <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Create namespace or use existing one | `bool` | `true` | no | | <a name="input_metrics_enabled"></a> [metrics\_enabled](#input\_metrics\_enabled) | Enable metric export | `bool` | `true` | no | | <a name="input_name"></a> [name](#input\_name) | Name | `string` | `"nginx"` | no | diff --git a/modules/nginx-ingress-controller/main.tf b/modules/nginx-ingress-controller/main.tf index 210df88..44ad123 100644 --- a/modules/nginx-ingress-controller/main.tf +++ b/modules/nginx-ingress-controller/main.tf 
@@ -1,14 +1,44 @@ resource "helm_release" "ingress-nginx" { - name = var.name - repository = "https://kubernetes.github.io/ingress-nginx" - values = [ - templatefile("${path.module}/values.yaml.tpl", { - replicacount = var.replicacount - metrics_enabled = var.metrics_enabled - }) - ] + name = var.name + repository = "https://kubernetes.github.io/ingress-nginx" + values = [jsonencode(module.custom_default_configs_merged.merged)] chart = "ingress-nginx" namespace = var.namespace version = var.chart_version - create_namespace = true + create_namespace = var.create_namespace +} + + +module "custom_default_configs_merged" { + source = "cloudposse/config/yaml//modules/deepmerge" + version = "1.0.2" + + maps = [ + { + controller = { + config = { + use-forwarded-headers = "true" + enable-underscores-in-headers = "true" + } + replicaCount = var.replicacount + metrics = { + enabled : var.metrics_enabled + } + service = { + annotations = { + "service.beta.kubernetes.io/aws-load-balancer-scheme" = "internet-facing" + } + } + } + }, + var.metrics_enabled ? { + controller = { + podAnnotations = { + "prometheus.io/scrape" = true + "prometheus.io/port" = 10254 + } + } + } : {}, + var.configs + ] } diff --git a/modules/nginx-ingress-controller/values.yaml.tpl b/modules/nginx-ingress-controller/values.yaml.tpl deleted file mode 100644 index 483682e..0000000 --- a/modules/nginx-ingress-controller/values.yaml.tpl +++ /dev/null @@ -1,13 +0,0 @@ -controller: - config: - use-forwarded-headers: "true" - enable-underscores-in-headers: 'true' - replicaCount: ${replicacount} -%{ if metrics_enabled ~} - podAnnotations: - prometheus.io/scrape: true - prometheus.io/port: 10254 -%{ endif ~} - - metrics: - enabled: ${metrics_enabled} diff --git a/modules/nginx-ingress-controller/variables.tf b/modules/nginx-ingress-controller/variables.tf index db2a755..5a82942 100644 --- a/modules/nginx-ingress-controller/variables.tf +++ b/modules/nginx-ingress-controller/variables.tf 
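Review bot: The `"service.beta.kubernetes.io/aws-load-balancer-scheme" = "internet-facing"` annotation in the first map of `custom_default_configs_merged` is a new default that the deleted values.yaml.tpl did not set, and none of the README or variable-description hunks in this commit mention it; for existing deployments that relied on the previous annotation-less Service this may change how the controller is exposed, depending on which load balancer controller reconciles the Service. At minimum document it next to the code and in the module README, e.g. `# Default is a public load balancer; override via var.configs -> controller.service.annotations` above the annotation, so operators who need an internal-only controller know the override path. `use-forwarded-headers = "true"` is carried over from the template, so trust in client-supplied X-Forwarded-* headers is unchanged, but now that the defaults live in HCL a one-line comment that it assumes the load balancer in front sets those headers would help. Since `var.configs` is the last element of `maps`, any key in it silently overrides these defaults; that is the intent, but it is worth stating in the `configs` variable description.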
@@ -12,7 +12,7 @@ variable "namespace" { variable "chart_version" { type = string - default = "4.11.3" + default = "4.12.0" description = "The app chart version" } @@ -33,3 +33,9 @@ variable "metrics_enabled" { default = true description = "Enable metric export" } + +variable "configs" { + type = any + default = {} + description = "Configurations to pass and override default ones. Check the helm chart available configs here: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx/4.12.0?modal=values" +} diff --git a/nginx-ingress-controller.tf b/nginx-ingress-controller.tf index c732a43..271cfbb 100644 --- a/nginx-ingress-controller.tf +++ b/nginx-ingress-controller.tf @@ -8,4 +8,5 @@ module "nginx-ingress-controller" { namespace = var.nginx_ingress_controller_config.namespace replicacount = var.nginx_ingress_controller_config.replicacount metrics_enabled = var.nginx_ingress_controller_config.metrics_enabled + configs = var.nginx_ingress_controller_config.configs } diff --git a/variables.tf b/variables.tf index 469a033..5aed19c 100644 --- a/variables.tf +++ b/variables.tf @@ -334,6 +334,7 @@ variable "nginx_ingress_controller_config" { namespace = optional(string, "ingress-nginx") replicacount = optional(number, 3) metrics_enabled = optional(bool, true) + configs = optional(any, {}) # Configurations to pass and override default ones. Check the helm chart available configs here: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx/4.12.0?modal=values }) default = {
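Review bot: The new `configs` variable in the second variables.tf hunk is typed `any` with no validation, so a caller passing a string or a list only fails inside the deepmerge module with an opaque error rather than at this variable; `any` is reasonable because the nested helm values have mixed shapes, but a validation block asserting the value is a map/object would surface the mistake at plan time with a clear message. The `chart_version` bump to `4.12.0` in the first hunk and the pass-through in nginx-ingress-controller.tf are fine as is.
```terraform
variable "configs" {
  # … unchanged: type, default, description …

  # Fail at plan time if a scalar or list is passed; deepmerge expects a map/object.
  validation {
    condition     = can(keys(var.configs))
    error_message = "configs must be a map/object of helm chart values."
  }
}
```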