This repository has been archived by the owner on Aug 25, 2023. It is now read-only.

basisai/terraform-google-ambassador

# Terraform Ambassador on GCP

An opinionated module to deploy Ambassador on GCP, specifically GKE. This might work on self-managed Kubernetes clusters, but it's not tested.

This module makes a set of assumptions:

- Ambassador is deployed behind either an Ingress or LoadBalancer
- TLS is enabled

If the assumptions do not hold, you can look at the source code of the root module and make use of the individual modules.

## Pre-requisites

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.15 |
| google | >= 3.0 |
| kubernetes | >= 2.5 |

## Providers

| Name | Version |
|------|---------|
| google | >= 3.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| backend_config | ./modules/backend | n/a |
| frontend | ./modules/frontend | n/a |
| helm | basisai/ambassador/helm | 1.0.0-alpha1 |

## Resources

| Name | Type |
|------|------|
| google_compute_address.l4 | resource |
| google_compute_address.l4 | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| admin_service_annotations | Annotations for the admin service | `map(string)` | <pre>{<br>  "prometheus.io/scrape": "true"<br>}</pre> | no |
| affinity | Pod affinity | `any` | `{}` | no |
| allow_http | Allow plaintext HTTP traffic. Needs to be enabled for redirection. | `bool` | `true` | no |
| ambassador_configurations | Configuration options for Ambassador. See https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/ | `any` | <pre>{<br>  "diagnostics": {<br>    "enabled": false<br>  }<br>}</pre> | no |
| ambassador_id | Ambassador ID | `string` | `"default"` | no |
| backend_config | Name for the BackendConfig CRD. Defaults to chart release name | `string` | `""` | no |
| cdn | Enable Cloud CDN | <pre>object({<br>  enabled = bool<br>  # See https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_backendconfig_parameters<br>  policy = optional(object({<br>    include_host = optional(bool)<br>    include_protocol = optional(bool)<br>    include_query_string = optional(bool)<br>    query_string_blacklist = optional(list(string))<br>    query_string_whitelist = optional(list(string))<br>  }))<br>})</pre> | <pre>{<br>  "enabled": false<br>}</pre> | no |
| chart_namespace | Namespace to run the chart in | `string` | `"ambassador"` | no |
| chart_version | Version of chart to install. Set to empty to install the latest version | `string` | `"7.2.0"` | no |
| cloud_armor_policy | Name of the Cloud Armor policy to use | `string` | `""` | no |
| connection_draining_timeout_sec | Connection draining timeout: the time, in seconds, to wait for connections to drain | `number` | `0` | no |
| container_security_context | Container securityContext | `any` | `{}` | no |
| crd_manifest | Provide a custom CRD manifest to be created. Otherwise, the version corresponding to var.image_tag will be used | `string` | `null` | no |
| create_default_listeners | Whether Emissary should be created with default listeners: HTTP on port 8080, HTTPS on port 8443. See https://www.getambassador.io/docs/emissary/latest/howtos/configure-communications/ | `bool` | `false` | no |
| custom_request_headers | Map of custom request headers | `map(string)` | `{}` | no |
| enable_l7_load_balancing | Use L7 for load balancing. Otherwise, L4 is used | `bool` | `true` | no |
| env | Environment variables for container | `map(string)` | `{}` | no |
| env_raw | Raw environment variables for container in YAML | `string` | `""` | no |
| external_traffic_policy | External traffic policy for L4 load balancing | `string` | `"Local"` | no |
| frontend_config | FrontendConfig CRD name | `string` | `""` | no |
| health_check | Health check configuration | <pre>object({<br>  interval = optional(number)<br>  timeout = optional(number)<br>  health_threshold = optional(number)<br>  unhealthy_threshold = optional(number)<br>  protocol = optional(string)<br>  path = optional(string)<br>  port = optional(number)<br>})</pre> | <pre>{<br>  "interval": 10,<br>  "path": "/ambassador/v0/check_alive",<br>  "port": 8877,<br>  "protocol": "HTTP",<br>  "timeout": 10<br>}</pre> | no |
| hpa_enabled | Enable HPA | `bool` | `true` | no |
| hpa_max_replica | Maximum number of replicas | `number` | `3` | no |
| hpa_metrics | Metrics for HPA scaling | `any` | <pre>[<br>  {<br>    "resource": {<br>      "name": "cpu",<br>      "target": {<br>        "averageUtilization": 80,<br>        "type": "Utilization"<br>      }<br>    },<br>    "type": "Resource"<br>  },<br>  {<br>    "resource": {<br>      "name": "memory",<br>      "target": {<br>        "averageUtilization": 80,<br>        "type": "Utilization"<br>      }<br>    },<br>    "type": "Resource"<br>  }<br>]</pre> | no |
| hpa_min_replica | Minimum number of replicas | `number` | `2` | no |
| http2_enable | Use HTTP/2. See https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-http2 | `bool` | `true` | no |
| iap | Enable Identity-Aware Proxy by setting the name of the secret holding the OAuth client credentials | `string` | `""` | no |
| image_repository | Image repository for Ambassador image | `string` | `"quay.io/datawire/ambassador"` | no |
| image_tag | Image tag for Ambassador image | `string` | `"1.13.9"` | no |
| ingress_annotations | Additional annotations for the ingress | `map(string)` | `{}` | no |
| ingress_name | Name of the Kubernetes Ingress | `string` | `""` | no |
| internet_facing | Whether the load balancer (L7 or L4) is internet facing | `bool` | `true` | no |
| kubernetes_annotations | Annotations for Kubernetes resources | `map(string)` | <pre>{<br>  "app.kubernetes.io/instance": "ambassador",<br>  "app.kubernetes.io/managed-by": "Terraform",<br>  "app.kubernetes.io/name": "ambassador",<br>  "app.kubernetes.io/part-of": "ambassador"<br>}</pre> | no |
| kubernetes_labels | Labels for the Kubernetes resources | `map(string)` | <pre>{<br>  "app.kubernetes.io/instance": "ambassador",<br>  "app.kubernetes.io/managed-by": "Terraform",<br>  "app.kubernetes.io/name": "ambassador",<br>  "app.kubernetes.io/part-of": "ambassador"<br>}</pre> | no |
| labels | Labels for resources | `map(string)` | <pre>{<br>  "app.kubernetes.io/managed-by": "Terraform"<br>}</pre> | no |
| load_balancer_source_ranges | Load balancer source ranges for L4 load balancing | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
| logging | Logging configuration for the endpoint | <pre>object({<br>  enable = bool<br>  sample_rate = number<br>})</pre> | <pre>{<br>  "enable": false,<br>  "sample_rate": 0.5<br>}</pre> | no |
| manage_crd | Manage the CRD for Emissary Ingress | `bool` | `false` | no |
| managed_certificates | Map of managed certificates to use or create. Key is the name | <pre>map(object({<br>  create = optional(bool) # False by default<br>  domains = optional(list(string))<br>}))</pre> | `{}` | no |
| pod_disruption_budget | PDB values | `any` | <pre>{<br>  "minAvailable": 1<br>}</pre> | no |
| pod_security_context | Pod securityContext | `any` | `{}` | no |
| pre_shared_certificates | List of pre-shared certificates to use. See https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs | `list(string)` | `[]` | no |
| priority_class_name | Priority class name | `string` | `""` | no |
| project_id | Project ID for resources. Defaults to provider configured project | `string` | `null` | no |
| region | Region for resources. Defaults to provider configured region | `string` | `null` | no |
| release_name | Chart release name | `string` | `"emissary-ingress"` | no |
| replicas | Number of replicas | `number` | `3` | no |
| resources | Pod resources | `any` | <pre>{<br>  "limits": {<br>    "cpu": "1000m",<br>    "memory": "1500Mi"<br>  },<br>  "requests": {<br>    "cpu": "200m",<br>    "memory": "1500Mi"<br>  }<br>}</pre> | no |
| service_annotations | Additional annotations for the service | `map(string)` | `{}` | no |
| service_name | Name of Ambassador Service | `string` | `"ambassador"` | no |
| service_port | Port of Ambassador Service | `any` | `443` | no |
| session_affinity | Session affinity. Set type to empty to disable | <pre>object({<br>  type = string<br>  cookie_ttl_sec = optional(number)<br>})</pre> | <pre>{<br>  "type": ""<br>}</pre> | no |
| ssl_policy | SSL policy. Set to null to not use any. | <pre>object({<br>  name = string<br>  create = bool<br>})</pre> | <pre>{<br>  "create": true,<br>  "name": "ambassador"<br>}</pre> | no |
| ssl_policy_settings | Settings for the SSL policy to create | <pre>object({<br>  description = optional(string)<br>  profile = optional(string)<br>  min_tls_version = optional(string)<br>  custom_features = optional(list(string))<br>})</pre> | <pre>{<br>  "min_tls_version": "TLS_1_2",<br>  "profile": "MODERN"<br>}</pre> | no |
| ssl_redirect | Redirect HTTP to HTTPS | <pre>object({<br>  enabled = bool<br>  response_code_name = optional(string) # One of MOVED_PERMANENTLY_DEFAULT, FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT<br>})</pre> | <pre>{<br>  "enabled": true,<br>  "response_code_name": "MOVED_PERMANENTLY_DEFAULT"<br>}</pre> | no |
| static_ip | Static IP configuration | <pre>object({<br>  name = string # Name to create or use<br>  create = bool<br><br>  description = optional(string)<br><br>  # Internal address only<br>  subnetwork = optional(string) # Required for internal<br>  network_tier = optional(string)<br>  address = optional(string) # IPv4 address for an internal IP<br>})</pre> | <pre>{<br>  "create": true,<br>  "name": "ambassadaor"<br>}</pre> | no |
| timeout_sec | Configures the backend service timeout. See https://cloud.google.com/load-balancing/docs/backend-service#timeout-setting | `number` | `30` | no |
| tls_secrets | List of secrets to include in the ingress | <pre>list(object({<br>  hosts = optional(list(string))<br>  secret_name = optional(string)<br>}))</pre> | `[]` | no |
| tolerations | Pod tolerations | `list(any)` | `[]` | no |
| volume_mounts | Volume mounts for container | `list(any)` | `[]` | no |
| volumes | Volumes for containers | `list(any)` | `[]` | no |
| wait_for_load_balancer | Wait for the load balancer to be created successfully before returning | `bool` | `true` | no |
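An added usage example, not taken from this repository's own README, that composes the inputs above into a hardened L7 deployment: Google-managed certificate, TLS 1.2 minimum with the MODERN profile, HTTP-to-HTTPS redirect, Cloud Armor, IAP and load balancer logging. The `source` address, project, region, domain, Cloud Armor policy name and IAP secret name are placeholders, not values from this page.

```hcl
module "ambassador" {
  # Assumed source path derived from the repository name; adjust to your registry or pinned ref.
  source = "github.com/basisai/terraform-google-ambassador"

  project_id = "example-project" # constructed placeholder
  region     = "asia-southeast1" # constructed placeholder

  # L7 (HTTPS) load balancer, internet facing, on a dedicated static IP created by the module.
  enable_l7_load_balancing = true
  internet_facing          = true
  static_ip = {
    name   = "ambassador"
    create = true
  }

  # Google-managed certificate for the public hostname (constructed domain).
  managed_certificates = {
    ambassador = {
      create  = true
      domains = ["api.example.com"]
    }
  }

  # SSL policy created by the module: MODERN profile, TLS 1.2 minimum.
  ssl_policy = {
    name   = "ambassador"
    create = true
  }
  ssl_policy_settings = {
    profile         = "MODERN"
    min_tls_version = "TLS_1_2"
  }

  # allow_http stays true only so the HTTP listener can issue the redirect to HTTPS.
  allow_http = true
  ssl_redirect = {
    enabled            = true
    response_code_name = "MOVED_PERMANENTLY_DEFAULT"
  }

  # Edge protections; both the policy and the OAuth client secret must already exist (constructed names).
  cloud_armor_policy = "ambassador-edge-policy"
  iap                = "ambassador-iap-oauth-secret"

  # Full request logging on the endpoint for detection and incident response.
  logging = {
    enable      = true
    sample_rate = 1.0
  }
}
```

`load_balancer_source_ranges` is not set here because, per the table above, it applies only to the L4 path; with `enable_l7_load_balancing = true` source restrictions belong in the Cloud Armor policy instead.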

## Outputs

| Name | Description |
|------|-------------|
| ip_address | IP address of the deployed endpoint |