This module requires our OpenID Connect module.
Due to changes made in the helm chart you will need to recreate the entire stack. You should expect a downtime of 5 minutes.
Snippet from the controller repo:
> The new controller is backwards compatible with the existing ingress objects. However, it will NOT coexist with the older aws-alb-ingress-controller.
> The old controller must be uninstalled completely before installing the new version.
You should be logged in to the AWS console and watching the target group(s) of your cluster. You should also be prepared to restart the AWS LoadBalancer Controller deployment in your cluster. Upgrading this module requires planning and applying changes two times. This is included in the steps below.
- Comment out the current module and apply the changes. This will cleanly remove the currently installed module.
- Uncomment the module. Set the module version reference to at least 3.0.3; the previous versions of the 3.0.x series are broken.
- Run `terraform init` to download the new module.
- Set the variable `var.force_update` to `true` just to be sure.
- Apply the changes and watch the target group(s) until they get into a draining state.
- Run `terraform plan` again and apply the lingering changes.
- In some undetermined cases the AWS LoadBalancer Controller can get stuck. To be sure, restart the deployment of the AWS LoadBalancer Controller.
The nodes should re-register to the Target Group(s) and your application should become available again.
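
The "watch the target group(s)" and "restart the deployment" steps can be scripted. The helpers below are an added example, not part of this module. They assume the target group ARN is exported as `TG_ARN` and that the controller runs as deployment `aws-load-balancer-controller` in namespace `kube-system`; both names are assumptions, so adjust them to your cluster.

```shell
#!/usr/bin/env bash
# Assumed names, not taken from this module's documentation:
#   TG_ARN       target group ARN to watch
#   NS / DEPLOY  namespace and deployment of the AWS LoadBalancer Controller
NS="${NS:-kube-system}"
DEPLOY="${DEPLOY:-aws-load-balancer-controller}"

# Constructed sample of `aws elbv2 describe-target-health --output json`.
SAMPLE='{"TargetHealthDescriptions": [
  {"Target": {"Id": "i-0aaa", "Port": 30080}, "TargetHealth": {"State": "draining"}},
  {"Target": {"Id": "i-0bbb", "Port": 30080}, "TargetHealth": {"State": "healthy"}}]}'

# Count targets in state $1 (any state when $1 is empty) from JSON on stdin.
count_state() {
  grep -o "\"State\": *\"${1:-[a-z]*}\"" | wc -l | tr -d '[:space:]'
}

# Classify a snapshot read on stdin: empty | draining | healthy | settling.
tg_phase() {
  local json total
  json=$(cat)
  total=$(printf '%s' "$json" | count_state)
  if [ "$total" -eq 0 ]; then echo empty
  elif [ "$(printf '%s' "$json" | count_state draining)" -gt 0 ]; then echo draining
  elif [ "$(printf '%s' "$json" | count_state healthy)" -eq "$total" ]; then echo healthy
  else echo settling
  fi
}

# Poll the target group until it reaches phase $1; give up after ~10 minutes.
wait_for_phase() {
  local i phase
  for i in $(seq 1 60); do
    phase=$(aws elbv2 describe-target-health --target-group-arn "$TG_ARN" \
      --output json | tg_phase)
    echo "target group phase: $phase"
    [ "$phase" = "$1" ] && return 0
    sleep 10
  done
  return 1
}

# Restart the controller and wait for the rollout to finish.
restart_controller() {
  kubectl -n "$NS" rollout restart deployment "$DEPLOY" &&
    kubectl -n "$NS" rollout status deployment "$DEPLOY" --timeout=5m
}
```

Source the file, run `wait_for_phase draining` while the first apply is in progress, and after the second apply run `restart_controller` followed by `wait_for_phase healthy`.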

```hcl
module "eks_openid_connect" {
  source = "[email protected]:kabisa/terraform-aws-eks-openid-connect.git?ref=1.0"
  # tf 0.13
  # depends_on = [module.eks]
  cluster_oidc_issuer_url = module.eks.cluster_oidc_issuer_url
  region                  = var.region
}

module "alb" {
  source           = "[email protected]:kabisa/terraform-aws-eks-alb-ingress.git?ref=1.0"
  account_id       = var.account_id
  eks_cluster_name = var.eks_cluster_name
  oidc_host_path   = module.eks_openid_connect.oidc_host_path
  region           = var.region
  vpc_id           = module.vpc.vpc_id
}

# Service exposed as NodePort so the load balancer can target the nodes.
resource "kubernetes_service" "my-service" {
  metadata {
    name = "my-service"
    labels = {
      "app" = "envoy-proxy"
    }
  }
  spec {
    type = "NodePort"
    port {
      port        = 80
      name        = "http"
      target_port = "http"
    }
    selector = {
      "app" = "my-app"
    }
  }
}

# Ingress handled by the controller: creates an internet-facing ALB.
resource "kubernetes_ingress" "my-ingress" {
  metadata {
    name = "my-ingress"
    annotations = {
      "kubernetes.io/ingress.class"      = "alb"
      "alb.ingress.kubernetes.io/scheme" = "internet-facing"
      "alb.ingress.kubernetes.io/tags"   = "Environment=testing"
      # The HTTPS listener needs an ACM certificate: either one discovered from
      # the rule host, or one set via alb.ingress.kubernetes.io/certificate-arn.
      "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\": 80}, {\"HTTPS\": 443}]"
    }
  }
  spec {
    rule {
      host = "example.com"
      http {
        path {
          path = "/"
          backend {
            service_name = "my-service"
            service_port = "http"
          }
        }
      }
    }
  }
}
```

Name | Version |
---|---|
terraform | >= 0.13.1 |
aws | >= 3.5.0 |
helm | >= 1.2.4 |
kubectl | >= 1.7.0 |
kubernetes | >= 1.13 |

Name | Version |
---|---|
aws | >= 3.5.0 |
helm | >= 1.2.4 |
kubectl | >= 1.7.0 |
kubernetes | >= 1.13 |

No modules.

Name | Description | Type | Default | Required |
---|---|---|---|---|
account_id | The AWS account ID. | string | n/a | yes |
eks_cluster_name | The name of the EKS cluster. | string | n/a | yes |
force_update | Force Helm resource update through delete/recreate if needed. | bool | false | no |
oidc_host_path | The host path of the OIDC provider. | string | n/a | yes |
region | The AWS region. | string | n/a | yes |
vpc_id | The VPC ID. | string | n/a | yes |

Name | Description |
---|---|
aws_iam_policy_arn | The IAM policy ARN for the ALB Ingress Controller. |