Cert Manager and Nginx Ingress Controller on AKS Cluster with static IP

Introduction

In the previous article we created an AKS cluster using Terraform. In this article we will set up Cert Manager and the Nginx Ingress Controller on that AKS cluster.

Prerequisite

Make sure you have completed the previous article and have an AKS cluster ready.

Setup Cert Manager

Cert-Manager is a Kubernetes add-on that automates the management and issuance of TLS certificates from various issuing sources. It periodically checks that certificates are valid and up to date, and attempts to renew them at an appropriate time before expiry.

Install Cert Manager

Cert Manager is deployed as a series of Kubernetes components, and we will install it using Helm.

helm repo add jetstack https://charts.jetstack.io
helm repo update

Prepare the terraform script

Update the Terraform script to create the static IP and the namespace, and to install the Nginx Ingress Controller and Cert Manager.

resource "azurerm_public_ip" "aks_static_ip" {
  depends_on          = [azurerm_kubernetes_cluster.aks]
  name                = "${local.name_suffix}-aks-static-ip"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group
  allocation_method   = "Static"
  sku                 = "Standard"
  tags                = var.resource_group_tags
}

This will create a static IP address for the ingress controller.

locals {
  aks_namespace = "${var.resource_group_tags["project"]}-${var.resource_group_tags["environment"]}-ingress-nginx"
}

This builds the namespace name from the project and environment tags.

resource "kubernetes_namespace" "ingress_namespace" {
  depends_on = [azurerm_kubernetes_cluster.aks]
  metadata {
    name = local.aks_namespace
  }
}

This will create a namespace for the ingress controller.

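resource "helm_release" "nginx_ingress" {
  # The public IP must exist before the controller Service can bind to it.
  depends_on = [azurerm_public_ip.aks_static_ip]
  name       = "nginx-ingress"
  repository = "https://kubernetes.github.io/ingress-nginx"
  chart      = "ingress-nginx"
  # Referencing the namespace resource makes Terraform create it before the release.
  namespace  = kubernetes_namespace.ingress_namespace.metadata[0].name
  version    = "4.7.0"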

  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.aks_static_ip.ip_address
  }

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Local"
  }
}

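This will install the Nginx Ingress Controller and assign the static IP address to its load balancer Service. Setting externalTrafficPolicy to Local preserves the client source IP, so the controller's access logs show the real client address.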

resource "helm_release" "cert_manager" {
  depends_on = [azurerm_kubernetes_cluster.aks]
  name       = "cert-manager"
  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  # Referencing the namespace resource makes Terraform create it before the release.
  namespace  = kubernetes_namespace.ingress_namespace.metadata[0].name
  version    = "1.12.0"

  set {
    name  = "installCRDs"
    value = true
  }
}

This will install the cert manager.

Plan and Apply the terraform script with tfvars

terraform plan -var-file="dev.tfvars"

This will show the plan for the terraform script.

terraform apply -var-file="dev.tfvars" -auto-approve

This will apply the terraform script.
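
After the apply it is worth confirming that the controller Service actually bound the static IP and that both Helm releases are deployed at the pinned chart versions. The following is an added example, not part of the original article: it checks JSON shaped like the output of `kubectl get svc <controller-service> -n <namespace> -o json` and `helm list -n <namespace> -o json`. The namespace, the IP address and both samples are constructed values.

```python
import json
# Chart versions pinned in the helm_release resources on this page.
PINNED = {"nginx-ingress": ("ingress-nginx", "4.7.0"), "cert-manager": ("cert-manager", "1.12.0")}

def check_service(svc, expected_ip):
    """Return problems with the controller Service; an empty list means OK."""
    problems, spec = [], svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        problems.append("service type is not LoadBalancer")
    if spec.get("externalTrafficPolicy") != "Local":
        problems.append("externalTrafficPolicy is not Local")
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    bound = [entry.get("ip") for entry in ingress]
    if not bound:
        problems.append("no external IP bound yet (EXTERNAL-IP pending)")
    elif expected_ip not in bound:
        problems.append(f"bound to {bound}, expected {expected_ip}")
    return problems

def check_releases(releases, namespace):
    """Compare `helm list -o json` entries with the pinned chart versions."""
    problems = []
    found = {r["name"]: r for r in releases if r["namespace"] == namespace}
    for name, (chart, version) in PINNED.items():
        rel = found.get(name)
        if rel is None:
            problems.append(f"{name}: no release in {namespace}")
            continue
        # Helm prints "<chart>-<version>"; tolerate a leading "v" on the version.
        got = rel["chart"][len(chart) + 1:].lstrip("v")
        if got != version:
            problems.append(f"{name}: chart {got}, pinned {version}")
        if rel["status"] != "deployed":
            problems.append(f"{name}: status is {rel['status']}")
    return problems

# Constructed samples: a Service whose external IP is still pending, and a
# release list in which cert-manager failed to install.
NS, STATIC_IP = "demo-dev-ingress-nginx", "203.0.113.10"
SAMPLE_SVC = json.loads("""{"status": {"loadBalancer": {}}, "spec":
  {"type": "LoadBalancer", "externalTrafficPolicy": "Local"}}""")
SAMPLE_RELEASES = json.loads("""[
  {"name": "nginx-ingress", "namespace": "demo-dev-ingress-nginx",
   "status": "deployed", "chart": "ingress-nginx-4.7.0"},
  {"name": "cert-manager", "namespace": "demo-dev-ingress-nginx",
   "status": "failed", "chart": "cert-manager-v1.12.0"}]""")

if __name__ == "__main__":
    print(check_service(SAMPLE_SVC, STATIC_IP) + check_releases(SAMPLE_RELEASES, NS))
```

An empty list from both functions means the ingress is reachable on the reserved address and both releases match the pinned versions.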

Conclusion

In this article we have set up Cert Manager and the Nginx Ingress Controller on the AKS cluster, which will help us manage certificates and ingress. In the next article we will see how to use Cloudflare for DNS and set up the DNS records automatically using Terraform.