Skip to content

neko1101/terraform-kubernetes-linkerd2

BranchesTags

Repository files navigation

Terraform Kubernetes Linkerd2

An unofficial Linkerd2 Terraform Module for Kubernetes Cluster

Dependency

  • Cert manager must be enabled in your cluster.

How to use?

  1. Setup module.
module "linkerd2" {
  source  = "neko1101/linkerd2/kubernetes"
  version = "1.0.0"
}
  1. Apply
terraform init
terraform plan
terraform deploy

Highlights

  • Automated cert creation and signing.
  • Automated TLS rotation by Cert Manager.
  • Long-lived CA by default (20 Years).
  • Modular Kubernetes related configurations.
  • Modular Helm artifact version.
  • Saves time.

Requirements

Name Version
helm >= 2.13.2
kubernetes >= 2.30.0
time >= 0.11.1

Providers

Name Version
helm 2.13.2
kubernetes 2.30.0
time 0.11.1
tls 4.0.5

Modules

No modules.

Resources

Name Type
helm_release.linkerd_control_plane resource
helm_release.linkerd_crds resource
helm_release.linkerd_viz resource
kubernetes_manifest.linkerd_identity_issuer_certificate resource
kubernetes_manifest.linkerd_policy_validator_certificate resource
kubernetes_manifest.linkerd_proxy_injector_certificate resource
kubernetes_manifest.linkerd_root_ca_issuer resource
kubernetes_manifest.linkerd_sp_validator_certificate resource
kubernetes_manifest.linkerd_tap_injector_certificate resource
kubernetes_manifest.linkerd_viz_certificate resource
kubernetes_manifest.linkerd_viz_issuer resource
kubernetes_manifest.linkerd_webhook_issuer resource
kubernetes_namespace.linkerd resource
kubernetes_namespace.linkerd_viz resource
kubernetes_secret.linkerd_root_ca resource
kubernetes_secret.linkerd_viz_root_ca resource
kubernetes_secret.linkerd_webhook_root_ca resource
time_sleep.wait_control_plane_certificate_provisioning resource
time_sleep.wait_viz_certificate_provisioning resource
time_sleep.wait_webhook_certificate_provisioning resource
tls_private_key.linkerd_private_key resource
tls_private_key.linkerd_viz_private_key resource
tls_private_key.linkerd_webhook_private_key resource
tls_self_signed_cert.linkerd_root_ca resource
tls_self_signed_cert.linkerd_viz_root_ca resource
tls_self_signed_cert.linkerd_webhook_root_ca resource
kubernetes_secret.linkerd_identity_issuer_certificate data source
kubernetes_secret.linkerd_policy_validator_certificate data source
kubernetes_secret.linkerd_proxy_injector_certificate data source
kubernetes_secret.linkerd_sp_validator_certificate data source
kubernetes_secret.linkerd_tap_injector_certificate data source
kubernetes_secret.linkerd_viz_certificate data source

Inputs

Name Description Type Default Required
control_plane_ca_validity Control plane Issuer CA validity in hours eg: 175200 for 20 years string "175200" no
control_plane_cert_duration Control plane TLS cert duration eg: 24h0m0s string "72h0m0s" no
control_plane_cert_renew_before Control plane TLS cert renew before eg: 1h0m0s string "24h0m0s" no
control_plane_enable_pod_anti_affinity Control plane enable podAntiAffinity bool false no
control_plane_enable_pod_distruption_budget Control plane enable podDisruptionBudget bool false no
control_plane_helm_version Control plane helm version string "1.16.10" no
control_plane_namespace Control plane namespace string "linkerd" no
control_plane_replica_count Control plane replica count number 1 no
crds_helm_vesion Crds helm version string "1.8.0" no
dashboard_replica_count Dashboard replica count number 1 no
kubernetes Kubernetes config map(string) 
{
  "config_context": "my-context",
  "config_path": "~/.kube/config"
}
 no
linkerd_repository stable | edge | enterprise string "stable" no
metrics_replica_count Metrics api replica count number 1 no
tap_injector_replica_count Tap injector replica count number 1 no
tap_replica_count Tap replica count number 1 no
viz_ca_validity Viz Issuer CA validity in hours eg: 175200 for 20 years string "175200" no
viz_cert_duration Viz TLS cert duration eg: 24h0m0s string "48h0m0s" no
viz_cert_renew_before Viz TLS cert renew before eg: 1h0m0s string "24h0m0s" no
viz_enable_pod_anti_affinity Viz enable podAntiAffinity bool false no
viz_enable_pod_distruption_budget Viz enable podDisruptionBudget bool false no
viz_enabled Toggle Linkerd Viz deployment bool true no
viz_helm_version Viz helm version string "30.12.10" no
viz_namespace Viz namespace string "linkerd-viz" no
webhook_ca_validity Webhook Issuer CA validity in hours eg: 175200 for 20 years string "175200" no
webhook_cert_duration Webhook TLS cert duration eg: 24h0m0s string "48h0m0s" no
webhook_cert_renew_before Webhook TLS cert renew before eg: 1h0m0s string "24h0m0s" no

Outputs

No outputs.

About

An unofficial Linkerd2 Terraform Module for Kubernetes Cluster.

Topics

kubernetes terraform linkerd2

Resources

Readme

License

Unlicense license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy