main.tf
################################################################################
# modules/ingress: AWS Load Balancer Controller via helm_release
#
# Installs the AWS Load Balancer Controller from the public eks-charts
# Helm repository. The controller runs as a Deployment in the configured
# namespace (default kube-system) and watches for Ingress resources with
# `ingressClassName: alb`.
#
# Key design choices:
# - The IRSA role is NOT created here — it lives in modules/iam/ (the
# alb_controller submodule-backed role). This module receives the role
# ARN and wires it onto the service account annotation.
# - The chart is pulled from the public repo (not vendored locally).
# If you're running in an air-gapped environment, you'll need to mirror the
# chart into your ECR OCI repo and override the repository source.
# - No namespace creation — kube-system already exists. If you change
# var.namespace to something else, ensure the namespace exists (e.g.
# via modules/cluster-bootstrap/).
################################################################################
# Helm release that deploys the AWS Load Balancer Controller and binds its
# service account to an externally managed IAM role through the IRSA
# annotation. All inputs come from module variables; nothing IAM-related is
# created in this block.
resource "helm_release" "alb_controller" {
  # Chart source. The chart is fetched over HTTPS from the public eks-charts
  # repository at plan/apply time, so the version input is the only thing
  # fixing which controller build (and which RBAC manifests) land in the cluster.
  # NOTE(review): confirm var.chart_version cannot be null/empty. An unset
  # version makes Helm resolve the latest chart, which defeats pinning.
  repository = "https://aws.github.io/eks-charts"
  chart      = "aws-load-balancer-controller"
  version    = var.chart_version

  # Release identity and target namespace. The namespace is not created here.
  name      = "aws-load-balancer-controller"
  namespace = var.namespace

  # Failure handling: atomic rolls back a failed install or upgrade, and
  # cleanup_on_fail removes resources created during a failed upgrade, so a
  # broken rollout does not leave a half-configured controller behind.
  atomic          = true
  cleanup_on_fail = true

  values = [yamlencode({
    # Cluster and network scope the controller operates in.
    clusterName = var.cluster_name
    vpcId       = var.vpc_id
    region      = var.region

    enableEndpointSlices = true

    # The chart creates the service account and this block stamps the role
    # ARN onto it. That annotation is what lets the controller pods assume
    # the IAM role.
    # NOTE(review): the role's trust policy (modules/iam/) presumably
    # restricts the OIDC subject to a specific namespace and service account
    # name. Verify that var.namespace and var.service_account_name match it:
    # a mismatch fails role assumption at runtime, and a trust policy that is
    # too broad lets other service accounts assume this role.
    serviceAccount = {
      name   = var.service_account_name
      create = true
      annotations = {
        "eks.amazonaws.com/role-arn" = var.alb_controller_role_arn
      }
    }
  })]
}