Home > Software design >  Vault Helm chart run with terraform does not create an ingress on kubernetes
Vault Helm chart run with terraform does not create an ingress on kubernetes

Time:08-05

I'm trying to install Vault on a Kubernetes Cluster by running the Vault Helm chart out of Terraform. For some reason the ingress doesn't get created. When I forward the pods port the ui comes up fine, so I assume everything is working, but the ingress not being available is tripping me up. Edit: There are no errors while running terraform apply. If there is another point where I should look, please tell me. This is my helm_release resource:

  name       = "vault"
  repository = "https://helm.releases.hashicorp.com"
  chart      = "vault"

  namespace        = "vault"
  create_namespace = true

  set {
    name  = "ui.enabled"
    value = "true"
  }

  #Set ingress up to use cert-manager provided secret
  set {
    name  = "ingress.enabled"
    value = "true"
  }

  set {
    name  = "ingress.annotations.cert-manager\\.io/cluster-issuer"
    value = "letsencrypt-cluster-prod"
  }

  set {
    name  = "ingress.annotations.kubernetes\\.io/ingress\\.class"
    value = "nginx"
  }

  set {
    name  = "ingress.tls[0].hosts[0]"
    value = var.vault_hostname
  }

  set {
    name  = "ingress.hosts[0].host"
    value = var.vault_hostname
  }

  set {
    name  = "ingress.hosts[0].paths[0]"
    value = "/"
  }
}

I'm relatively new to all of these techs, having worked with puppet before, so if someone could point me in the right direction, I'd be much obliged.

CodePudding user response:

I achieved enabling ingress with a local variable, here is the working example

locals {
    values = {
        server= {
            ingress = {
              enabled = var.server_enabled
              labels = {
                traffic = "external"
              }
              ingressClassName = "nginx"
              annotations = {
                "kubernetes.io/tls-acme" =  "true"
                "nginx.ingress.kubernetes.io/ssl-redirect" = "true"
              }
              hosts = [{
                host = vault.example.com
                paths = ["/"]
              }]
              tls = [
                {
                  secretName = vault-tls-secret
                  hosts = ["vault.example.com"]
                }
              ]
            }
        }
    }
}
resource "helm_release" "vault" {
  name          = "vault"
  namespace     = "vault"
  repository = "https://helm.releases.hashicorp.com"
  chart      = "vault"
  version       = "0.19.0"
  create_namespace = true
  # other value to set
  #set { 
   # name = "server.ha.enabled"
    #value = "true"
  #}
    values = [
    yamlencode(local.values)
  ]
}
  • Related