add ingress nginx and fix some bugs

Author: Friz-zy

example/main.tf

@@ -7,7 +7,7 @@ locals {
   admin_email         = "[email protected]"
   ingress_domain      = "cluster.local"
   ingress_class_name  = "apisix" # or "nginx"
-  cert_manager_issuer = ""
+  cert_manager_issuer = "" # you can set to "letsencrypt-staging" or "letsencrypt-prod" after configuring dns records
 
   cluster_version     = "1.29"
 
@@ -42,15 +42,16 @@ locals {
         "node.kubernetes.io/purpose" = "management"
       }
 
-# multiple pods don't have tolerations yet
-# including snapshot-controller plugin that can't be changed at all
-#       taints = {
-#         purpose = {
-#           key    = "node.kubernetes.io/purpose"
-#           value  = "management"
-#           effect = "NO_SCHEDULE"
-#         }
-#       }
+    # multiple pods don't have tolerations yet
+    # including snapshot-controller plugin that can't be changed at all
+    #   taints = {
+    #     purpose = {
+    #       key    = "node.kubernetes.io/purpose"
+    #       value  = "management"
+    #       effect = "NO_SCHEDULE"
+    #     }
+    #   }
+
     }
   }
 
@@ -70,28 +71,16 @@ locals {
 #       aws-node-termination-handler = {}
   }
 
-  # or in all cluster networks and availability zones
-  self_managed_node_groups = {}
-
-  eks_managed_node_groups = {
-#     management = {
-#       min_size     = 0
-#       desired_size = 0
-# 
-#       labels = {
-#         "node.kubernetes.io/purpose" = "management"
-#       }
-# 
-#       taints = {
-#         purpose = {
-#           key    = "node.kubernetes.io/purpose"
-#           value  = "management"
-#           effect = "NO_SCHEDULE"
-#         }
-#       }
+  # Groups in all cluster networks and availability zones
+  self_managed_node_groups = {
+#     nth_test = {
+#       min_size       = 0
+#       desired_size   = 0
+#       max_size       = 1
+#       instance_types = ["t3.nano"]
 #     }
   }
-
+  eks_managed_node_groups = {}
   fargate_profiles = {}
 
   tags = {
@@ -137,6 +126,7 @@ module "eks" {
   cluster_version                                 = local.cluster_version
   admin_email                                     = local.admin_email
   ingress_domain                                  = local.ingress_domain
+  ingress_class_name                              = local.ingress_class_name
   cert_manager_issuer                             = local.cert_manager_issuer
   vpc_id                                          = module.vpc.vpc_id
   number_of_multi_az                              = local.number_of_multi_az
@@ -158,6 +148,7 @@ module "eks" {
   enable_metrics_server               = true
   enable_vpa                          = true
   enable_ingress_apisix               = true
+  enable_ingress_nginx                = false
   enable_victoriametrics_operator     = true
   enable_opentelemetry_operator       = true
   enable_clickhouse_operator          = true

main.tf

@@ -260,7 +260,8 @@ locals {
   aws_efs_csi_driver_config = merge(
     local.universal_addon_config,
     {
-      reset_values = true
+      chart_version = null
+      reset_values  = true
       values = [
         <<-EOT
           controller:
@@ -274,20 +275,23 @@ locals {
   # https://github.com/aws/aws-node-termination-handler/blob/main/config/helm/aws-node-termination-handler/values.yaml
   aws_node_termination_handler_config = merge(
     local.universal_addon_config,
-    {reset_values = true},
+    {
+      chart_version = null
+      reset_values  = true
+    },
     var.aws_node_termination_handler_config
   )
   aws_node_termination_handler_asg_arns = concat(
     [for asg in module.eks.self_managed_node_groups : asg.autoscaling_group_arn],
-    [for asg in module.eks.eks_managed_node_groups : asg.autoscaling_group_arn],
     var.aws_node_termination_handler_asg_arns
   )
 
   # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
   cert_manager_config = merge(
     local.universal_addon_config,
     {
-      reset_values = true
+      chart_version = null
+      reset_values  = true
       values = [
         <<-EOT
           webhook:
@@ -305,22 +309,29 @@ locals {
   # https://github.com/kubernetes/autoscaler/blob/master/charts/cluster-autoscaler/values.yaml
   cluster_autoscaler_config = merge(
     local.universal_addon_config,
-    {reset_values = true},
+    {
+      chart_version = null
+      reset_values  = true
+    },
     var.cluster_autoscaler_config
   )
 
   # https://github.com/kubernetes-sigs/metrics-server/blob/master/charts/metrics-server/values.yaml
   metrics_server_config = merge(
     local.universal_addon_config,
-    {reset_values = true},
+    {
+      chart_version = null
+      reset_values  = true
+    },
     var.metrics_server_config
   )
 
   # https://github.com/FairwindsOps/charts/blob/master/stable/vpa/values.yaml
   vpa_config = merge(
     local.universal_addon_config,
     {
-      reset_values = true
+      chart_version = null
+      reset_values  = true
       values = [
         <<-EOT
           recommender:
@@ -549,6 +560,7 @@ module "opentelemetry_operator" {
   depends_on = [
     #module.eks,
     #module.addons
+    module.victoriametrics_operator
   ]
 
   create        = var.enable_opentelemetry_operator
@@ -614,7 +626,7 @@ module "clickhouse_operator" {
   )
 }
 
-# INGRESS APISIX
+# INGRESS
 
 module "ingress_apisix" {
   source = "./modules/apisix"
@@ -627,7 +639,7 @@ module "ingress_apisix" {
   ]
 
   create        = var.enable_ingress_apisix
-  chart_version = can(var.ingress_apisix_chart_version) ? var.ingress_apisix_chart_version : null
+  chart_version = var.ingress_apisix_chart_version
   namespace     = var.ingress_apisix_namespace
   set           = var.ingress_apisix_set
   tags          = var.tags
@@ -647,6 +659,47 @@ module "ingress_apisix" {
   )
 }
 
+module "ingress_nginx" {
+  source = "./modules/nginx"
+  count = var.enable_ingress_nginx ? 1 : 0
+
+  depends_on = [
+    #module.eks,
+    #module.addons
+    module.victoriametrics_operator
+  ]
+
+  create        = var.enable_ingress_nginx
+  chart_version = var.ingress_nginx_chart_version
+  namespace     = var.ingress_nginx_namespace
+  set           = var.ingress_nginx_set
+  tags          = var.tags
+
+  values = concat(
+    [
+    <<-EOT
+      controller:
+        ${replace(local.universal_values_string, "\n", "\n  ")}
+      defaultBackend:
+        ${replace(local.universal_values_string, "\n", "\n  ")}
+    EOT
+    ],
+    [
+    <<-EOT
+      %{ if var.enable_victoriametrics_operator == true }
+      controller:
+        metrics:
+          serviceMonitor:
+            enabled: true
+            namespace: "${var.ingress_nginx_namespace}"
+            scrapeInterval: 30s # default
+      %{ endif }
+    EOT
+    ],
+    var.ingress_nginx_values
+  )
+}
+
 # MONITORING
 
 module "victoriametrics" {
@@ -717,28 +770,27 @@ module "victoriametrics" {
             - secretName: grafana-${var.victoriametrics_namespace}-tls
               hosts:
               - grafana.${var.ingress_domain}
+          %{ else }
+          tls: []
           %{ endif }
       %{ endif }
       %{ endif }
     EOT
     ,
     <<-EOT
-      %{ if var.enable_uptrace == true }
+      %{ if var.enable_uptrace == true || var.enable_qryn == true }
       vmagent:
         # https://docs.victoriametrics.com/operator/api/#vmagentremotewritespec
         # https://uptrace.dev/get/ingest/prometheus.html#prometheus-remote-write
         additionalRemoteWrites:
+          %{ if var.enable_uptrace == true }
           - url: "http://${module.uptrace[0].chart.uptrace}.${module.uptrace[0].namespace.uptrace}.svc:14318/api/v1/prometheus/write"
             headers:
               - "uptrace-dsn: http://${module.uptrace[0].project_tokens[1]}@${module.uptrace[0].chart.uptrace}.${module.uptrace[0].namespace.uptrace}.svc:14318/2?grpc=14317"
-      %{ endif }
-    EOT
-    ,
-    <<-EOT
-      %{ if var.enable_qryn == true }
-      vmagent:
-        additionalRemoteWrites:
+          %{ endif }
+          %{ if var.enable_qryn == true }
           - url: "http://${var.admin_email}:${module.qryn[0].root_password}@${module.qryn[0].chart.qryn}.${module.qryn[0].namespace.qryn}.svc:3100/api/v1/write"
+          %{ endif }
       %{ endif }
     EOT
     ],
@@ -789,6 +841,8 @@ module "victoriametrics" {
               - vmalertmanager.${var.ingress_domain}
               - vmagent.${var.ingress_domain}
               - vmalert.${var.ingress_domain}
+        %{ else }
+        tls: []
         %{ endif }
       %{ endif }
     EOT
@@ -803,8 +857,8 @@ module "grafana" {
   count = var.enable_grafana ? 1 : 0
 
   depends_on = [
-#     module.eks,
-#     module.addons,
+    #module.eks,
+    #module.addons,
     module.grafana_operator,
     module.victoriametrics_operator
   ]
@@ -847,6 +901,8 @@ module "grafana" {
           - secretName: grafana-${var.grafana_namespace}-tls
             hosts:
               - grafana.${var.ingress_domain}
+        %{ else }
+        tls: []
         %{ endif }
       %{ endif }
     EOT
@@ -909,6 +965,8 @@ module "uptrace" {
           - secretName: uptrace-${var.uptrace_namespace}-tls
             hosts:
               - uptrace.${var.ingress_domain}
+        %{ else }
+        tls: []
         %{ endif }
       %{ endif }
     EOT
@@ -985,6 +1043,8 @@ module "qryn" {
           - secretName: qryn-${var.qryn_namespace}-tls
             hosts:
               - qryn.${var.ingress_domain}
+        %{ else }
+        tls: []
         %{ endif }
       %{ endif }
     EOT
@@ -1047,6 +1107,8 @@ module "openobserve" {
           - secretName: openobserve-${var.openobserve_namespace}-tls
             hosts:
               - openobserve.${var.ingress_domain}
+        %{ else }
+        tls: []
         %{ endif }
       %{ endif }
     EOT
@@ -1145,6 +1207,8 @@ module "vector_agent" {
             type: "loki"
             inputs:
               - kubernetes_logs
+            encoding:
+              codec: "json"
             endpoint: "http://${module.qryn[0].chart.qryn}.${module.qryn[0].namespace.qryn}.svc:3100"
             auth:
               strategy: "basic"
@@ -1199,6 +1263,8 @@ module "kubernetes_dashboard" {
           - secretName: kubernetes-dashboard-${var.kubernetes_dashboard_namespace}-tls
             hosts:
               - k8s-dashboard.${var.ingress_domain}
+        %{ else }
+        tls: []
         %{ endif }
     %{ endif }
     EOT

modules/grafana/variables.tf

@@ -77,7 +77,7 @@ variable "chart" {
 variable "chart_version" {
   description = "Specify the exact chart version to install. If this is not specified, the latest version is installed"
   type        = string
-  default     = ""
+  default     = null
 }
 
 variable "repository" {