Terraform Kubernetes Linkerd2

An unofficial Linkerd2 Terraform Module for Kubernetes Cluster

Dependency

Cert manager must be enabled in your cluster.

How to use?

Setup module.

module "linkerd2" {
  source  = "neko1101/linkerd2/kubernetes"
  version = "1.0.0"
}

Apply

terraform init
terraform plan
terraform deploy

Highlights

Automated cert creation and signing.
Automated TLS rotation by Cert Manager.
Long-lived CA by default (20 Years).
Modular Kubernetes related configurations.
Modular Helm artifact version.
Saves time.

Requirements

Name	Version
helm	>= 2.13.2
kubernetes	>= 2.30.0
time	>= 0.11.1

Providers

Name	Version
helm	2.13.2
kubernetes	2.30.0
time	0.11.1
tls	4.0.5

Modules

No modules.

Resources

Name	Type
helm_release.linkerd_control_plane	resource
helm_release.linkerd_crds	resource
helm_release.linkerd_viz	resource
kubernetes_manifest.linkerd_identity_issuer_certificate	resource
kubernetes_manifest.linkerd_policy_validator_certificate	resource
kubernetes_manifest.linkerd_proxy_injector_certificate	resource
kubernetes_manifest.linkerd_root_ca_issuer	resource
kubernetes_manifest.linkerd_sp_validator_certificate	resource
kubernetes_manifest.linkerd_tap_injector_certificate	resource
kubernetes_manifest.linkerd_viz_certificate	resource
kubernetes_manifest.linkerd_viz_issuer	resource
kubernetes_manifest.linkerd_webhook_issuer	resource
kubernetes_namespace.linkerd	resource
kubernetes_namespace.linkerd_viz	resource
kubernetes_secret.linkerd_root_ca	resource
kubernetes_secret.linkerd_viz_root_ca	resource
kubernetes_secret.linkerd_webhook_root_ca	resource
time_sleep.wait_control_plane_certificate_provisioning	resource
time_sleep.wait_viz_certificate_provisioning	resource
time_sleep.wait_webhook_certificate_provisioning	resource
tls_private_key.linkerd_private_key	resource
tls_private_key.linkerd_viz_private_key	resource
tls_private_key.linkerd_webhook_private_key	resource
tls_self_signed_cert.linkerd_root_ca	resource
tls_self_signed_cert.linkerd_viz_root_ca	resource
tls_self_signed_cert.linkerd_webhook_root_ca	resource
kubernetes_secret.linkerd_identity_issuer_certificate	data source
kubernetes_secret.linkerd_policy_validator_certificate	data source
kubernetes_secret.linkerd_proxy_injector_certificate	data source
kubernetes_secret.linkerd_sp_validator_certificate	data source
kubernetes_secret.linkerd_tap_injector_certificate	data source
kubernetes_secret.linkerd_viz_certificate	data source

Inputs

Name	Description	Type	Default	Required
control_plane_ca_validity	Control plane Issuer CA validity in hours eg: 175200 for 20 years	`string`	`"175200"`	no
control_plane_cert_duration	Control plane TLS cert duration eg: 24h0m0s	`string`	`"72h0m0s"`	no
control_plane_cert_renew_before	Control plane TLS cert renew before eg: 1h0m0s	`string`	`"24h0m0s"`	no
control_plane_enable_pod_anti_affinity	Control plane enable podAntiAffinity	`bool`	`false`	no
control_plane_enable_pod_distruption_budget	Control plane enable podDisruptionBudget	`bool`	`false`	no
control_plane_helm_version	Control plane helm version	`string`	`"1.16.10"`	no
control_plane_namespace	Control plane namespace	`string`	`"linkerd"`	no
control_plane_replica_count	Control plane replica count	`number`	`1`	no
crds_helm_vesion	Crds helm version	`string`	`"1.8.0"`	no
dashboard_replica_count	Dashboard replica count	`number`	`1`	no
kubernetes	Kubernetes config	`map(string)`	{ "config_context": "my-context", "config_path": "~/.kube/config" }	no
linkerd_repository	stable \| edge \| enterprise	`string`	`"stable"`	no
metrics_replica_count	Metrics api replica count	`number`	`1`	no
tap_injector_replica_count	Tap injector replica count	`number`	`1`	no
tap_replica_count	Tap replica count	`number`	`1`	no
viz_ca_validity	Viz Issuer CA validity in hours eg: 175200 for 20 years	`string`	`"175200"`	no
viz_cert_duration	Viz TLS cert duration eg: 24h0m0s	`string`	`"48h0m0s"`	no
viz_cert_renew_before	Viz TLS cert renew before eg: 1h0m0s	`string`	`"24h0m0s"`	no
viz_enable_pod_anti_affinity	Viz enable podAntiAffinity	`bool`	`false`	no
viz_enable_pod_distruption_budget	Viz enable podDisruptionBudget	`bool`	`false`	no
viz_enabled	Toggle Linkerd Viz deployment	`bool`	`true`	no
viz_helm_version	Viz helm version	`string`	`"30.12.10"`	no
viz_namespace	Viz namespace	`string`	`"linkerd-viz"`	no
webhook_ca_validity	Webhook Issuer CA validity in hours eg: 175200 for 20 years	`string`	`"175200"`	no
webhook_cert_duration	Webhook TLS cert duration eg: 24h0m0s	`string`	`"48h0m0s"`	no
webhook_cert_renew_before	Webhook TLS cert renew before eg: 1h0m0s	`string`	`"24h0m0s"`	no

Outputs

No outputs.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.github		.github
charts		charts
.gitignore		.gitignore
.terraform.lock.hcl		.terraform.lock.hcl
LICENSE		LICENSE
README.md		README.md
TODO.md		TODO.md
locals.tf		locals.tf
main.tf		main.tf
namespaces.tf		namespaces.tf
providers.tf		providers.tf
tls-control-plane.tf		tls-control-plane.tf
tls-viz.tf		tls-viz.tf
tls-webhook.tf		tls-webhook.tf
variables.tf		variables.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Terraform Kubernetes Linkerd2

Dependency

How to use?

Highlights

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

neko1101/terraform-kubernetes-linkerd2

Folders and files

Latest commit

History

Repository files navigation

Terraform Kubernetes Linkerd2

Dependency

How to use?

Highlights

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages