Terraform Kubernetes Linkerd2

An unofficial Linkerd2 Terraform module for Kubernetes clusters.

Dependency

  • Cert manager must be enabled in your cluster.

How to use?

  1. Set up the module.

      module "linkerd2" {
        source  = "neko1101/linkerd2/kubernetes"
        version = "1.0.0"
      }

  2. Apply.

      terraform init
      terraform plan
      terraform apply

Highlights

  • Automated cert creation and signing.
  • Automated TLS rotation by Cert Manager.
  • Long-lived CA by default (20 Years).
  • Modular Kubernetes related configurations.
  • Modular Helm artifact version.
  • Saves time.

Requirements

| Name | Version |
|------|---------|
| helm | >= 2.13.2 |
| kubernetes | >= 2.30.0 |
| time | >= 0.11.1 |

Providers

| Name | Version |
|------|---------|
| helm | 2.13.2 |
| kubernetes | 2.30.0 |
| time | 0.11.1 |
| tls | 4.0.5 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| helm_release.linkerd_control_plane | resource |
| helm_release.linkerd_crds | resource |
| helm_release.linkerd_viz | resource |
| kubernetes_manifest.linkerd_identity_issuer_certificate | resource |
| kubernetes_manifest.linkerd_policy_validator_certificate | resource |
| kubernetes_manifest.linkerd_proxy_injector_certificate | resource |
| kubernetes_manifest.linkerd_root_ca_issuer | resource |
| kubernetes_manifest.linkerd_sp_validator_certificate | resource |
| kubernetes_manifest.linkerd_tap_injector_certificate | resource |
| kubernetes_manifest.linkerd_viz_certificate | resource |
| kubernetes_manifest.linkerd_viz_issuer | resource |
| kubernetes_manifest.linkerd_webhook_issuer | resource |
| kubernetes_namespace.linkerd | resource |
| kubernetes_namespace.linkerd_viz | resource |
| kubernetes_secret.linkerd_root_ca | resource |
| kubernetes_secret.linkerd_viz_root_ca | resource |
| kubernetes_secret.linkerd_webhook_root_ca | resource |
| time_sleep.wait_control_plane_certificate_provisioning | resource |
| time_sleep.wait_viz_certificate_provisioning | resource |
| time_sleep.wait_webhook_certificate_provisioning | resource |
| tls_private_key.linkerd_private_key | resource |
| tls_private_key.linkerd_viz_private_key | resource |
| tls_private_key.linkerd_webhook_private_key | resource |
| tls_self_signed_cert.linkerd_root_ca | resource |
| tls_self_signed_cert.linkerd_viz_root_ca | resource |
| tls_self_signed_cert.linkerd_webhook_root_ca | resource |
| kubernetes_secret.linkerd_identity_issuer_certificate | data source |
| kubernetes_secret.linkerd_policy_validator_certificate | data source |
| kubernetes_secret.linkerd_proxy_injector_certificate | data source |
| kubernetes_secret.linkerd_sp_validator_certificate | data source |
| kubernetes_secret.linkerd_tap_injector_certificate | data source |
| kubernetes_secret.linkerd_viz_certificate | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| control_plane_ca_validity | Control plane Issuer CA validity in hours eg: 175200 for 20 years | string | "175200" | no |
| control_plane_cert_duration | Control plane TLS cert duration eg: 24h0m0s | string | "72h0m0s" | no |
| control_plane_cert_renew_before | Control plane TLS cert renew before eg: 1h0m0s | string | "24h0m0s" | no |
| control_plane_enable_pod_anti_affinity | Control plane enable podAntiAffinity | bool | false | no |
| control_plane_enable_pod_distruption_budget | Control plane enable podDisruptionBudget | bool | false | no |
| control_plane_helm_version | Control plane helm version | string | "1.16.10" | no |
| control_plane_namespace | Control plane namespace | string | "linkerd" | no |
| control_plane_replica_count | Control plane replica count | number | 1 | no |
| crds_helm_vesion | Crds helm version | string | "1.8.0" | no |
| dashboard_replica_count | Dashboard replica count | number | 1 | no |
| kubernetes | Kubernetes config | map(string) | { "config_context": "my-context", "config_path": "~/.kube/config" } | no |
| linkerd_repository | stable \| edge \| enterprise | string | "stable" | no |
| metrics_replica_count | Metrics api replica count | number | 1 | no |
| tap_injector_replica_count | Tap injector replica count | number | 1 | no |
| tap_replica_count | Tap replica count | number | 1 | no |
| viz_ca_validity | Viz Issuer CA validity in hours eg: 175200 for 20 years | string | "175200" | no |
| viz_cert_duration | Viz TLS cert duration eg: 24h0m0s | string | "48h0m0s" | no |
| viz_cert_renew_before | Viz TLS cert renew before eg: 1h0m0s | string | "24h0m0s" | no |
| viz_enable_pod_anti_affinity | Viz enable podAntiAffinity | bool | false | no |
| viz_enable_pod_distruption_budget | Viz enable podDisruptionBudget | bool | false | no |
| viz_enabled | Toggle Linkerd Viz deployment | bool | true | no |
| viz_helm_version | Viz helm version | string | "30.12.10" | no |
| viz_namespace | Viz namespace | string | "linkerd-viz" | no |
| webhook_ca_validity | Webhook Issuer CA validity in hours eg: 175200 for 20 years | string | "175200" | no |
| webhook_cert_duration | Webhook TLS cert duration eg: 24h0m0s | string | "48h0m0s" | no |
| webhook_cert_renew_before | Webhook TLS cert renew before eg: 1h0m0s | string | "24h0m0s" | no |
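
The inputs listed above can be overridden in the module block. The following is an added example, not code from the module's author: it replaces the 20-year CA default with a one-year validity, shortens the leaf certificate lifetimes, and runs three control plane replicas. All values other than the source, version and the `kubernetes` map keys are illustrative assumptions.

```hcl
# Added example (not the module author's code); values are illustrative assumptions.
module "linkerd2" {
  source  = "neko1101/linkerd2/kubernetes"
  version = "1.0.0"

  # Cluster to deploy into; keys follow the module's documented default map.
  kubernetes = {
    config_context = "my-context"
    config_path    = "~/.kube/config"
  }

  # Issuer CA validity is a string holding a number of hours.
  # 8760 h = 1 year, instead of the 175200 h (20 year) default.
  # A shorter-lived CA has to be rotated before it expires, so plan for that.
  control_plane_ca_validity = "8760"
  webhook_ca_validity       = "8760"
  viz_ca_validity           = "8760"

  # Leaf certificates rotated by cert-manager: 24 h lifetime, renewed 8 h
  # before expiry. renew_before must stay shorter than the duration.
  control_plane_cert_duration     = "24h0m0s"
  control_plane_cert_renew_before = "8h0m0s"
  webhook_cert_duration           = "24h0m0s"
  webhook_cert_renew_before       = "8h0m0s"
  viz_cert_duration               = "24h0m0s"
  viz_cert_renew_before           = "8h0m0s"

  # Availability: more than one replica, spread across nodes and protected
  # from voluntary evictions. Note the input names are spelled "distruption".
  control_plane_replica_count                 = 3
  control_plane_enable_pod_anti_affinity      = true
  control_plane_enable_pod_distruption_budget = true
}
```

Because the module generates its CA keys with `tls_private_key`, the private keys are written to the Terraform state, so keep that state in an encrypted, access-controlled backend.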

Outputs

No outputs.