Table of contents
This series is a Work in Progress
Introduction
In the previous article we have created AKS cluster using Terraform. In this article we will setup Cert Manager and Nginx Ingress Controller on AKS Cluster.
Prerequisite
Make sure you have completed the previous article and have AKS cluster ready.
Setup Cert Manager
Cert-Manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.
Install Cert Manager
Cert Manager is deployed as a series of Kubernetes components, and we will install it using Helm.
helm repo add jetstack https://charts.jetstack.io
helm repo update
Prepare the terraform script
Update the terraform script to install cert manager.
resource "azurerm_public_ip" "aks_static_ip" {
depends_on = [azurerm_kubernetes_cluster.aks]
name = "${local.name_suffix}-aks-static-ip"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group
allocation_method = "Static"
sku = "Standard"
tags = var.resource_group_tags
}
This will create a static IP address for the ingress controller.
locals {
aks_namespace = "${var.resource_group_tags["project"]}-${var.resource_group_tags["environment"]}-ingress-nginx"
}
This will create a name based on the project and environment.
resource "kubernetes_namespace" "ingress_namespace" {
depends_on = [azurerm_kubernetes_cluster.aks]
metadata {
name = "${local.aks_namespace}"
}
}
This will create a namespace for the ingress controller.
resource "helm_release" "nginx_ingress" {
depends_on = [azurerm_public_ip.aks_static_ip]
name = "nginx-ingress"
repository = "https://kubernetes.github.io/ingress-nginx"
chart = "ingress-nginx"
namespace = "${local.aks_namespace}"
version = "4.7.0"
set {
name = "controller.service.loadBalancerIP"
value = azurerm_public_ip.aks_static_ip.ip_address
}
set {
name = "controller.service.externalTrafficPolicy"
value = "Local"
}
}
This will install the nginx ingress controller. we are setting the static IP address for the ingress controller.
resource "helm_release" "cert_manager" {
depends_on = [azurerm_kubernetes_cluster.aks]
name = "cert-manager"
repository = "https://charts.jetstack.io"
chart = "cert-manager"
namespace = "${local.aks_namespace}"
version = "1.12.0"
set {
name = "installCRDs"
value = true
}
}
This will install the cert manager.
Plan and Apply the terraform script with tfvars
terraform plan -var-file="dev.tfvars"
This will show the plan for the terraform script.
terraform apply -var-file="dev.tfvars" -auto-approve
This will apply the terraform script.
Conclusion
In this article we have setup Cert Manager and Nginx Ingress Controller on AKS Cluster. It will help us to manage the certificates and ingress controller. In the next article we will see how to use cloudflare for DNS and setup the DNS records automatically using Terraform.