Ingress Nginx for Kubernetes

All notable changes to this project are documented here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

v5.4.0 - 2025-04-10

Added

• option to configure Ingress Class name by means of ingress_nginx.ingress_class_name variable
• validation for the ingress_nginx.version variable (compatible chart version is 4.12.0 and newer)

Changed

• Ingress Nginx Helm chart version (from 4.6.1 to 4.12.1) to align with latest fixes of Ingress Nginx vulnerabilities

Fixed

• Ingress Class name definition and its reference for the ingress_class output

v5.3.2 - 2025-03-28

Fixed

• incorrect naming of Ingress Controller Service in the data source making the module return an incorrect external IP address in the output

v5.3.1 - 2025-03-11

Removed

• validation for the k8s_flavor variable

v5.3.0 - 2025-02-05

Added

• output with ingressClass name (ingress_class)

v5.2.0 - 2024-12-12

Changed

• ingress_nginx_ip output to ingress_ip
• ingress_nginx_hostname output to ingress_hostname

Deprecated

• ingress_nginx_ip in favour of ingress_ip and will be deleted in v6.0
• ingress_nginx_hostname in favour of ingress_hostname and will be deleted in v6.0

v5.1.0 - 2024-12-10

Added

• helm_timeout parameter for ingress_nginx variable to configure deployment timeout of its Helm release

v5.0.0 - 2024-11-25

BREAKING CHANGE: now cert-manager setup is managed by the child module and Ingress Nginx deployment is mandatory

Added

• acme_email variable for cert-manager configuration

Changed

• management of cert-manager resources from in-module resources to the child module
• optional Ingress Nginx deployment to mandatory

Removed

• var.ingress_nginx.enabled parameter

v4.1.0 - 2024-09-04

Added

• togglable real IP detection

v4.0.1 - 2024-07-10

Changed

• updated version of tf-k8s-crd module dependency to ~> 2.0
• Ingress Nginx Helm chart (from 4.0.18 to 4.6.1) version

v4.0.0 - 2023-10-19

BREAKING CHANGE: now all custom_values are declared as lists of objects which aren't compatible with previous version

NOTE: After module upgrade to v4.0 all custom_values definitions must be updated, see Upgrade Notes section

Added

• possibility to declare a type of the custom values for Ingress Nginx and cert-manager

Changed

• definitions of custom values for Ingress Nginx and cert-manager releases rollout from maps to list of objects

v3.1.1 - 2023-07-27

Changed

• strict order of creation of resources to avoid race conditions

v3.1 - 2023-06-27

Added

• an option to set ingress annotation of the load balancer health checks for AKS cluster by means of k8s_flavor variable

v3.0.0 - 2023-01-13

BREAKING CHANGE: now all kubernetes provider resources use versioned resources which aren't compatible with previous version

NOTE: After module upgrade to v3.0 all kubernetes provider resources and other resources that depend on them will be recreated, or they can be reimported to TF state manually, see Upgrade Notes section

Added

• tf-k8s-crd module dependency

Changed

• use versioned Kubernetes provider resources instead of standard ones in order to satisfy requirements of future updates of providers
• updated main inputs that describe Ingress Nginx and cert-manager parameters
• definitions of ClusterIssuer custom resources use CRD TF module
• declare default values of ingress_nginx variable
• code formatting

Removed

• gavinbunney/kubectl provider dependency
• obsolete template of kubernetes manifest for cert-manager cluster issuer

v2.1.0 - 2022-12-23

Added

• an option to manage replicas' number for Ingress Nginx

Changed

• Ingress Nginx controller deploys with 2 replicas by default

v2.0.0 - 2022-10-12

BREAKING CHANGE: now module inputs and resources management have fundamentally new concept which isn't compatible with previous version

Added

• moved blocks to ensure reverse compatibility

Changed

• bump terraform version to 1.3
• combined all ingress_* and certmanager_* separate variables into two ingress and cert-manager object variables that contain all related elements
• combined three kubernetes_manifest calls for each cluser issuer into one
• improve cluster issuer template. Made it unified for any of cluster issuer types

Fixed

• letsencrypt production template call in letsencrypt staging terraform resource

v1.5.0 - 2022-09-28

Added

• optional deployment of selfsigned cluster issuer (disabled by default)

v1.4.0 - 2022-09-23

Added

• use configurable Ingress Class definition for cert-manager deployment instead of predefined hardcoded value

v1.3.0 - 2022-09-12

Added

• make Ingress Nginx deployment optional

v1.2.2 - 2022-08-17

Fixed

• bumped Terraform version in the code

v1.2.1 - 2022-08-02

Fixed

• formatted Nginx metrics annotations and set accurate type

v1.2.0 - 2022-08-01

Added

• namespaces are handled by means of kubernetes provider resources
• helm release can be deployed into a custom namespace

Changed

• pinned minor provider versions
• Helm release deployments are atomic now
• templatefile function is used instead of template data sources
• standardized documentation and changelog

Removed

• dependency on template provider

v1.1 - 2022-07-28

Added

• ingress Nginx LB hostname output

v1.0.2 - 2022-07-07

Fixed

• expose Nginx metrics with proper annotations

v1.0.1 - 2022-05-18

Added

• extra notes about purpose of two Let's Encrypt ClusterIssuers usage

v1.0 - 2022-04-18

Added

• deploy ingress nginx
• deploy cert-manager
• create let's encrypt cluster issuers

From v2.x to v3.x

Now all kubernetes provider resources use versioned resources. According to kubernetes provider's suggestions the simplest, non-destructive way to do this is to remove the old resource from state and import the resource as a version one. If Kubernetes namespaces were managed by the module, they must be re-imported, like so:

 bashterraform state rm module.ingress.kubernetes_namespace.ingress_namespace[0] module.ingress.kubernetes_namespace.certmanager_namespace[0]
terraform import module.ingress.kubernetes_namespace_v1.ingress_namespace[0] ingress-nginx
terraform import module.ingress.kubernetes_namespace_v1.certmanager_namespace[0] cert-manager
terraform state mv 'module.ingress.kubectl_manifest.cluster_issuer["letsencrypt"]' 'module.ingress.module.cluster_issuer["letsencrypt"].kubectl_manifest.crd'
terraform state mv 'module.ingress.kubectl_manifest.cluster_issuer["letsencrypt-staging"]' 'module.ingress.module.cluster_issuer["letsencrypt-staging"].kubectl_manifest.crd'
terraform state mv 'module.ingress.kubectl_manifest.cluster_issuer["selfsigned"]' 'module.ingress.module.cluster_issuer["selfsigned"].kubectl_manifest.crd'

From v3.x to v4.x

Now all custom_values are declared as lists of objects. In case if there were already declared custom_values in the module inputs, then they must be updated:

 hcl    # Old definition                        |     # New definition 
    custom_values = {                       |     custom_values = [
      "controller.containerPort" = 8080     |       {
    }                                       |         name  = "controller.containerPort"
                                            |         value = 8080
                                            |       },
                                            |     ]

If there weren't any custom_values declared (neither for Ingress Nginx nor cert-manager), no actions are needed.

From v4.x to v5.x

Now cert-manager setup is managed by the child module. Cert-manager resource addresses will be moved automatically with moved blocks. Ingress Nginx deployment is mandatory now. Manual removal of the input variable var.ingress_nginx.enabled is mandatory. Variable var.cert_manager.acme_email must be changed to the var.acme_email.