I’m trying to deploy a network endpoint group for a SonarQube workload in GKE with Terraform and a Helm chart.
Here is my helm release resource:
resource "helm_release" "sonar" {
  name      = "sq-ee-lb-ext-db"
  chart     = "sonarqube/sonarqube"
  namespace = data.kubernetes_namespace.sonarqube.id
  timeout   = "360"

  set {
    name  = "edition"
    value = "enterprise"
  }

  /**
   * External postgres database
   */
  set {
    name  = "jdbcOverwrite.enable"
    value = "true"
  }
  set {
    name  = "postgresql.enabled"
    value = "false"
  }
  set {
    name  = "jdbcOverwrite.jdbcUrl"
    value = "jdbc:postgresql://<db instance private IP>:5432/sq-ee-lb-ext-db"
  }
  set {
    name  = "jdbcOverwrite.jdbcUsername"
    value = "<username>"
  }
  set {
    name  = "jdbcOverwrite.jdbcPassword"
    value = "<password>"
  }

  /**
   * Load balancer
   */
  set {
    name  = "service.type"
    value = "NodePort"
  }
  set {
    name  = "service.annotations.cloud\\.google\\.com/neg"
    value = "exposed_ports: {80:{}}"
  }
}
However, this is not how service.annotations should be configured. The error I’m receiving is
Error: admission webhook "neg-annotation.common-webhooks.networking.gke.io" denied the request: error parsing value of NEG annotation "cloud.google.com/neg" on service "sq-ee-lb-ext-db"/"sq-ee-lb-ext-db-sonarqube": NEG annotation is invalid.
What I am trying to replicate is something like this:
resource "kubernetes_service" "owaspjuice" {
  metadata {
    name = "owaspjuice"
    annotations = {
      "cloud.google.com/neg" = "{\"exposed_ports\": {\"80\":{}}}"
    }
  }
  spec {
    selector = {
      test = "owaspjuice"
    }
    session_affinity = "ClientIP"
    port {
      port        = 80
      target_port = 3000
    }
    type = "NodePort"
  }
}
This is another project I deployed that successfully created a network endpoint group, and I could hook that up with a GCP external load balancer.
I couldn’t find an explanation on the internet of the correct Terraform syntax.
Any help is appreciated.
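
Added example, not part of the original post and not the chart's or provider's own documentation: one way to carry the JSON annotation from the working `kubernetes_service` into `helm_release` is the `values` argument, since `set` values go through Helm's `--set` parser, where `{`, `}` and `,` have special meaning. The input variable `sonar_jdbc_password` is an assumption; every other name and value is taken from the post.

```hcl
# Assumption: hypothetical input variable, supplied from a secret store or
# TF_VAR_sonar_jdbc_password rather than written into the configuration.
variable "sonar_jdbc_password" {
  type      = string
  sensitive = true
}

resource "helm_release" "sonar" {
  name      = "sq-ee-lb-ext-db"
  chart     = "sonarqube/sonarqube"
  namespace = data.kubernetes_namespace.sonarqube.id
  timeout   = 360

  # Structured values are rendered to YAML and handed to Helm as a values
  # document, so the annotation never passes through the --set parser.
  values = [
    yamlencode({
      edition = "enterprise"
      service = {
        type = "NodePort"
        annotations = {
          # jsonencode yields {"exposed_ports":{"80":{}}}, the same JSON
          # string used in the working kubernetes_service resource.
          "cloud.google.com/neg" = jsonencode({
            exposed_ports = { "80" = {} }
          })
        }
      }
      postgresql = { enabled = false }
      jdbcOverwrite = {
        enable       = true
        jdbcUrl      = "jdbc:postgresql://<db instance private IP>:5432/sq-ee-lb-ext-db"
        jdbcUsername = "<username>"
      }
    })
  ]

  # set_sensitive redacts the value in plan output; it is still written to
  # Terraform state, so access to the state backend has to be restricted.
  set_sensitive {
    name  = "jdbcOverwrite.jdbcPassword"
    value = var.sonar_jdbc_password
  }
}
```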