dynamic loadbalancer ip reference
derrabauke opened this issue · comments
Hi @displague,
I'm trying to set up a cluster with a free domain service like nip.io, therefore I have to reference the load-balancer IP in the ingress-controller manifest (host variable).
My guess was something like this:
data "kubectl_path_documents" "example" {
  depends_on = [helm_release.ingress_nginx]
  pattern    = "${path.module}/assets/example.yaml"
  vars = {
    example_host = "${var.example_host}.${helm_release.ingress_nginx.load_balancer.ip}.nip.io"
    # example_host = var.example_host
    env_name = var.env_name
  }
}
Could you tell me if this is possible with your setup? I'm trying to find out the attributes of the resource, but didn't find anything appropriate.
Thanks for the good work & Cheers
Hi @derrabauke,
The purpose of example_host is to demonstrate that the Ingress works and configures DNS (via ExternalDNS and Linode) and configures TLS via CertManager.
I haven't looked at nip.io before, but they appear to offer DNS names based on IP address (inclusion in the name), so you wouldn't need ExternalDNS for this. You could try to take advantage of the CertManager integration, but https://nickjanetakis.com/blog/ngrok-lvhme-nipio-a-trilogy-for-local-development-and-testing#nipio suggests that 'prod' certificates are rate-limited.
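One way to get the load balancer address into the host name, as an added example that is not part of this thread or of the module: read the controller's Service through the hashicorp/kubernetes provider's kubernetes_service data source. The Service name, the namespace and a configured kubernetes provider are assumptions.

```hcl
# Added example, not part of the module. Assumes the hashicorp/kubernetes
# provider is configured for this cluster. The Service name and namespace are
# assumptions; confirm them with `kubectl get svc -n ingress-nginx`.
data "kubernetes_service" "ingress_nginx" {
  # Read only after the chart is installed, so the Service exists.
  depends_on = [helm_release.ingress_nginx]

  metadata {
    name      = "ingress-nginx-controller"
    namespace = "ingress-nginx"
  }
}

locals {
  # coalesce() errors on a null or empty value and try() turns that error,
  # or a missing status/ingress entry, into an empty string.
  lb_ip = try(
    coalesce(data.kubernetes_service.ingress_nginx.status[0].load_balancer[0].ingress[0].ip),
    ""
  )
}

data "kubectl_path_documents" "example" {
  pattern = "${path.module}/assets/example.yaml"
  vars = {
    # Renders as e.g. "todo.203.0.113.10.nip.io" (constructed sample address).
    example_host = "${var.example_host}.${local.lb_ip}.nip.io"
    env_name     = var.env_name
  }

  lifecycle {
    # Requires Terraform 1.2 or later. Fails the run instead of rendering a
    # host such as "todo..nip.io" when no IP has been assigned.
    precondition {
      condition     = local.lb_ip != ""
      error_message = "The ingress-nginx Service has no load balancer IP yet."
    }
  }
}
```

The address is unknown until the load balancer exists, so anything that iterates over the rendered documents with for_each may need the chart applied first.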
Thx for the fast reply!
Actually nip.io was my second shot, since my service which I want to publish was not available after creation...
One more question: With the following ingress definition in ./modules/ingress_nginx/assets/example.yaml, example_host=example.com and a service called todo-app (ClusterIP, different namespace), my service should be available under: http://example.com, right?
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # NOTE: enable session affinity to make websockets work for deployments with replica > 1
    nginx.ingress.kubernetes.io/affinity: 'cookie'
    nginx.ingress.kubernetes.io/session-cookie-name: 'express_sid'
    cert-manager.io/cluster-issuer: letsencrypt-${env_name}
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 1024m
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
    use-proxy-protocol: "true"
  name: app-ingress
  namespace: ingress-nginx
spec:
  rules:
    - host: ${example_host}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: todo-app
                port:
                  number: 80
  tls:
    - hosts:
        - ${example_host}
      secretName: ${example_host}-crt
Sorry for bothering you with that, but I really want to understand it.
Yes. But notice that the namespace of the ingress is ingress-nginx, which is where the default backend service is running.
If your todo-app service is also in the ingress-nginx namespace, then this should work.
If you have example_host=test.foo.bar in your terraform.tfvars file, and you have foo.bar in Linode's Domain Manager, then the A record test.foo.bar will point to a nodebalancer (managed by the Linode CCM) pointing to the nginx ingress controller, which this Ingress resource indicates should route to the todo-app service.
In terms of timing, you would need the todo-app to be defined before this Ingress is added. I would suggest not using example_host (set it to an empty string). Create this Ingress by hand (or your own TF) in the namespace of the app that you add.
This would be a good example/ for this module. Perhaps the example_host option should go away (along with what it configures) in favor of example/todoapp/ that demonstrates how to use this module with a todoapp.
# examples/todoapp/main.tf
variable "example_host" {}
# variable ... the required params

module "lke_addons" {
  source = "../../"
  # ... required params
}

# ... use the kubectl provider to create your todoapp and ingress using the example_host name.
https should work too (ideally, but see #2).
Closing this but can reopen if there's anything else related to this, @derrabauke