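# Terragrunt unit for the `eks-ingress-controller` module.
# It wires the module to the VPC, EKS, DNS and Elastic IP units next to it and
# derives the public / internal load balancer settings from the shared config.hcl.

include "root" {
  path = find_in_parent_folders()
}

terraform {
  source = "${get_repo_root()}//modules/eks-ingress-controller"
}

# Ordering only: this unit reads no outputs from the Prometheus stack, it just
# has to be applied after it.
dependencies {
  paths = ["../eks-kube-prometheus-stack"]
}

dependency "vpc" {
  config_path = "../vpc"

  # Mock outputs are returned only for `validate` and `plan`, when the
  # dependency has no real outputs yet (e.g. the module hasn't been applied).
  # Keeping `apply` out of this list stops placeholder values from ever
  # reaching real infrastructure.
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
  mock_outputs = {
    vpc_id          = "fake-vpc-id"
    private_subnets = ["fake-private-subnet-id-1", "fake-sprivate-ubnet-id-2"]
    vpc_cidr_block  = "10.88.0.0/24"
  }
}

dependency "eks" {
  config_path = "../eks"

  # Mock outputs are returned only for `validate` and `plan`, when the
  # dependency has no real outputs yet (e.g. the module hasn't been applied).
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
  mock_outputs = {
    cluster_id       = "fake-cluster-id"
    cluster_endpoint = "https://fake-cluster-endpoint.eks.amazonaws.com"
    # Base64 of a placeholder string, not a real CA certificate.
    cluster_certificate_authority_data = "ZmFrZS1jYS1jZXJ0LWRhdGE="
  }
}

dependency "public_dns" {
  config_path = "../dns-public"

  # Placeholder zone data, used for `validate` / `plan` only.
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
  mock_outputs = {
    dns_zone = {
      name    = "xxx"
      zone_id = "ZXXXXXXXXXXXXXXXXXXX"
    }
    sub_zones = {
      "fake.sub.zone.com" = {
        name    = "xxx"
        zone_id = "ZXXXXXXXXXXXXXXXXXXX"
      }
    }
  }
}

dependency "private_dns" {
  config_path = "../dns-private"

  # Placeholder zone data, used for `validate` / `plan` only.
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
  mock_outputs = {
    dns_zone = {
      name    = "xxx"
      zone_id = "ZXXXXXXXXXXXXXXXXXXX"
    }
    sub_zones = {
      "fake.sub.zone.com" = {
        name    = "xxx"
        zone_id = "ZXXXXXXXXXXXXXXXXXXX"
      }
    }
  }
}

dependency "eips" {
  config_path = "../elastic-ips"

  # Placeholder allocation ids, used for `validate` / `plan` only.
  mock_outputs_allowed_terraform_commands = ["validate", "plan"]
  mock_outputs = {
    eip_groups = {
      eks_public_nlb = {
        eips = [
          { allocation_id = "eipalloc-xxxxxxxxxxxxxxxxx" },
          { allocation_id = "eipalloc-yyyyyyyyyyyyyyyyy" }
        ]
      }
    }
  }
}

locals {
  config_vars = read_terragrunt_config(find_in_parent_folders("config.hcl"))

  environment            = local.config_vars.locals.environment
  eks_ingress_controller = local.config_vars.locals.eks_ingress_controller

  # The literal map is the last argument to merge(), so these three settings
  # override whatever config.hcl provides for the same keys: an environment
  # cannot switch proxy protocol off on the load balancer side from config.hcl.
  lb_config_public = merge(
    local.eks_ingress_controller.load_balancer_config.public,
    {
      type                  = "external"
      enable-proxy-protocol = true
      nlb-target-type       = "instance"
    }
  )

  # Same enforced settings for the internal load balancer.
  lb_config_internal = merge(
    local.eks_ingress_controller.load_balancer_config.internal,
    {
      type                  = "external"
      enable-proxy-protocol = true
      nlb-target-type       = "instance"
    }
  )
}

generate = local.config_vars.generate

inputs = {
  cluster_id                         = dependency.eks.outputs.cluster_id
  cluster_endpoint                   = dependency.eks.outputs.cluster_endpoint
  cluster_certificate_authority_data = dependency.eks.outputs.cluster_certificate_authority_data

  namespace        = local.eks_ingress_controller.namespace
  create_namespace = local.eks_ingress_controller.create_namespace

  # NOTE(review): these keys look like ingress-nginx ConfigMap options; confirm
  # how the module consumes them.
  #
  # * use-proxy-protocol has to stay in step with enable-proxy-protocol on the
  #   load balancers above. If only one side speaks PROXY protocol, requests
  #   fail or the client address is lost.
  # * proxy-real-ip-cidr is the set of peers whose PROXY protocol header is
  #   believed. The whole VPC CIDR means any host in the VPC that can reach the
  #   controller can assert an arbitrary client address. Narrowing it to the
  #   CIDRs of the subnets the NLBs live in is tighter, if that fits the setup.
  # * use-forwarded-headers = true makes the controller pass incoming
  #   X-Forwarded-* headers on to the backends. An NLB works at layer 4 and
  #   neither sets nor strips those headers, so unless a trusted L7 proxy sits
  #   in front, their content is chosen by the client. With
  #   compute-full-forwarded-for the real peer address is appended to the
  #   client-supplied X-Forwarded-For, not substituted for it. Backends should
  #   not use these headers for allow-lists, rate limits or audit logs unless
  #   they read only the entry added by the controller. If no L7 proxy is in
  #   front, `false` is the safer value.
  ingress_config = {
    use-proxy-protocol         = true
    proxy-real-ip-cidr         = dependency.vpc.outputs.vpc_cidr_block
    use-forwarded-headers      = true
    compute-full-forwarded-for = true
  }

  # Each key is defined once. A second definition of the same key in an object
  # literal replaces the first without any warning, which hides which value is
  # actually deployed.
  # Both entries start from the enforced locals and add a per-cluster name; the
  # public NLB also gets its pre-allocated Elastic IPs.
  load_balancer_config = {
    public = merge(local.lb_config_public, {
      "eip-allocations" = join(", ", dependency.eips.outputs.eip_groups.eks_public_nlb.eips.*.allocation_id),
      "name"            = "${dependency.eks.outputs.cluster_id}-public"
    })
    internal = merge(local.lb_config_internal, {
      "name" = "${dependency.eks.outputs.cluster_id}-internal"
    })
  }

  enable_internal_lb = local.eks_ingress_controller.enable_internal_lb

  # Record name = the `dns_record` label from config.hcl + the public zone name.
  public_dns_record = {
    zone_id = dependency.public_dns.outputs.dns_zone.zone_id
    name    = "${local.lb_config_public.dns_record}.${dependency.public_dns.outputs.dns_zone.name}"
  }

  # Same construction against the private zone, for the internal load balancer.
  internal_dns_record = {
    zone_id = dependency.private_dns.outputs.dns_zone.zone_id
    name    = "${local.lb_config_internal.dns_record}.${dependency.private_dns.outputs.dns_zone.name}"
  }
}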