Terraform configuration for deploying Nginx ingress controller in a Kubernetes cluster
- GKE support.
- Automatic DNS management using Google Cloud DNS.
- Let's Encrypt wildcard certificate generation using cert-manager.
The following prerequisites need to be installed and configured:
- Terraform
- Google Cloud SDK (run gcloud components update to update the SDK to the latest version if you already have it installed)
- GKE cluster must be created (you may use this Terraform configuration to create it)
- Helm needs to be installed in the Kubernetes cluster
- The GOOGLE_APPLICATION_CREDENTIALS environment variable must be configured to point to the GCE JSON key file. For example (PowerShell):
$env:GOOGLE_APPLICATION_CREDENTIALS = "C:/mykeys/gce-default.json"
Copy the terraform.tfvars.example file to terraform.tfvars and set the input variable values as per your needs. Then initialize Terraform with the init command:
terraform init -backend-config "bucket=$BUCKET_NAME" -backend-config "prefix=apps/$CLUSTER_NAME/nginx-ingress"
- $REGION should be replaced with a region name.
- $CLUSTER_NAME should be replaced with the name of a cluster.
- $BUCKET_NAME should be replaced with a GCS Terraform state storage bucket name.
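A preflight check for the setup steps above, as an added example that is not part of this project's own code. The function names are hypothetical, and it assumes a POSIX shell and filesystem where file mode bits are meaningful (not the PowerShell session shown earlier).

```shell
#!/bin/sh
# Added example (not project code): verify the prerequisites before `terraform init`.

# check_gcp_key FILE: succeed only if FILE is a readable service-account JSON key
# whose mode grants nothing to group or others.
check_gcp_key() {
  _key="$1"
  [ -n "$_key" ] || { echo "GOOGLE_APPLICATION_CREDENTIALS is not set" >&2; return 1; }
  [ -r "$_key" ] || { echo "key file not readable: $_key" >&2; return 1; }
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$_key" \
    || { echo "not a service-account key: $_key" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as fallback; both print the octal mode, e.g. 600.
  _mode=$(stat -c '%a' "$_key" 2>/dev/null || stat -f '%Lp' "$_key") || return 1
  case "$_mode" in
    *00) ;;
    *) echo "key file mode $_mode is too permissive; run: chmod 600 $_key" >&2
       return 1 ;;
  esac
}

# preflight DIR: check the key file, terraform.tfvars in DIR, and the two
# variables that the init command substitutes into the backend settings.
preflight() {
  check_gcp_key "${GOOGLE_APPLICATION_CREDENTIALS:-}" || return 1
  [ -f "${1:-.}/terraform.tfvars" ] \
    || { echo "terraform.tfvars missing; copy terraform.tfvars.example first" >&2
         return 1; }
  [ -n "${BUCKET_NAME:-}" ] && [ -n "${CLUSTER_NAME:-}" ] \
    || { echo "set BUCKET_NAME and CLUSTER_NAME" >&2; return 1; }
}

# Usage, from the directory that holds the configuration:
#   preflight . && terraform init -backend-config "bucket=$BUCKET_NAME" \
#     -backend-config "prefix=apps/$CLUSTER_NAME/nginx-ingress"
```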
To apply the Terraform plan, run:
terraform apply
To remove the Terraform plan, run:
terraform destroy
The cert-manager Helm chart included in this plan creates several Custom Resource Definitions that have to be deleted manually:
$ kubectl delete crd certificates.certmanager.k8s.io -n kube-system
customresourcedefinition.apiextensions.k8s.io "certificates.certmanager.k8s.io" deleted
$ kubectl delete crd clusterissuers.certmanager.k8s.io -n kube-system
customresourcedefinition.apiextensions.k8s.io "clusterissuers.certmanager.k8s.io" deleted
$ kubectl delete crd issuers.certmanager.k8s.io -n kube-system
customresourcedefinition.apiextensions.k8s.io "issuers.certmanager.k8s.io" deleted