From b87ba15cf44b99779e914ea9d5fd21822c258c05 Mon Sep 17 00:00:00 2001
From: Hafiz Nor <38586112+neko1101@users.noreply.github.com>
Date: Tue, 21 May 2024 22:16:24 +0800
Subject: [PATCH] chore: lint completed
---
.github/scripts/readme.sh | 1 +
.github/workflows/lint.yaml | 32 +++++++++++
.terraform.lock.hcl | 79 ++++++++++++++++++++++++++++
README.md | 75 +++++++++++++++++++++++++-
locals.tf | 4 +-
main.tf | 102 ++++++++++++++++++------------------
namespaces.tf | 16 +++---
providers.tf | 19 ++-----
tls-control-plane.tf | 26 ++++-----
tls-viz.tf | 36 ++++++-------
tls-webhook.tf | 48 ++++++++---------
variables.tf | 26 ++++-----
12 files changed, 319 insertions(+), 145 deletions(-)
create mode 100644 .github/scripts/readme.sh
create mode 100644 .github/workflows/lint.yaml
create mode 100644 .terraform.lock.hcl
diff --git a/.github/scripts/readme.sh b/.github/scripts/readme.sh
new file mode 100644
index 0000000..6c2cf6f
--- /dev/null
+++ b/.github/scripts/readme.sh
@@ -0,0 +1 @@
+markdown table --output-file README.md --output-mode inject ./
\ No newline at end of file
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..8ca0d96
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,32 @@
+name: Lint
+on: [push, pull_request]
+
+jobs:
+ tflint:
+ name: TFLint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: TFLint
+ uses: docker://wata727/tflint
+
+ fmt:
+ name: Code Format
+ runs-on: ubuntu-latest
+ container:
+ image: hashicorp/terraform:latest
+ steps:
+ - uses: actions/checkout@master
+ - run: terraform fmt --recursive -check=true
+
+ validate:
+ name: Validate
+ runs-on: ubuntu-latest
+ container:
+ image: hashicorp/terraform:0.13.2
+ steps:
+ - uses: actions/checkout@master
+ - name: Validate Code
+ run: |
+ terraform init
+ terraform validate
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..de20d05
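Review bot: The only line in `.github/scripts/readme.sh` starts with `markdown table`, which reads like the argument list of terraform-docs rather than a runnable command, and the file has no interpreter line. Unless something outside this patch passes the file's content to terraform-docs, executing the script presumably fails with a command-not-found error. If it is meant to be run directly, I would write it as `#!/usr/bin/env sh`, `set -eu`, `terraform-docs markdown table --output-file README.md --output-mode inject ./`.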
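Review bot: Every external dependency of `.github/workflows/lint.yaml` is referenced by a mutable name: `actions/checkout@master` in all three jobs, `docker://wata727/tflint` with no tag, and `hashicorp/terraform:latest` in the `fmt` job, so whatever is later published under those names runs with the workflow's token on every push and pull request. Pin the action to a full commit SHA and the images to a version or digest, and add a top-level `permissions:` block limited to `contents: read`. The `validate` job pins `hashicorp/terraform:0.13.2` while `fmt` floats on `latest`, and the commit also adds a `.terraform.lock.hcl`, which as far as I know Terraform 0.13 does not read; one shared, pinned version for both jobs would make the checks agree. `terraform init -backend=false` is enough for `validate` and keeps the job away from any backend.

```yaml
name: Lint
on: [push, pull_request]

permissions:
  contents: read

jobs:
  tflint:
    # … unchanged: name, runs-on …
    steps:
      - uses: actions/checkout@<full-commit-sha>  # placeholder: pin to a reviewed commit
      - name: TFLint
        uses: docker://wata727/tflint:<pinned-version>  # placeholder tag or digest
  # … fmt: same checkout pin, image hashicorp/terraform:<pinned-version> …
  validate:
    # … unchanged: name, runs-on; container image pinned to the same version as fmt …
    steps:
      # … unchanged: checkout (pinned as above) …
      - name: Validate Code
        run: |
          terraform init -backend=false
          terraform validate
```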
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,79 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/helm" {
+ version = "2.13.2"
+ hashes = [
+ "h1:KHLdE3Xb4XbLCWwCSArYcXulYyBJKTFizaIzBiYVJxQ=",
+ "zh:06c0663031ef5aa19e238fe50be5d3cbf5fb00548d2b26e779c607dfd2dc69a7",
+ "zh:1850b8f2e729553ba8b96d69dce035b814ce959c6805c25484f407c4e720c497",
+ "zh:1ec76814a99461cd79ee4c879ed455ab338a3cb9e63fbe9308f91b5515e72e42",
+ "zh:78546b2f0b2e9072370c017d8056a2ffda908c2e463d2792244e4be6562ab772",
+ "zh:9205eef438aa3d5e49505655b7c300f7cecfa30f8fa37ed84679f674420403f2",
+ "zh:9335c7300675e5088ab4090af3c8150701c0bb8ea67ad23ebd753f6ab3a922a9",
+ "zh:9722d8b419e9615a04b8fc9acb50e52d6ba988c7565cc517bc16faa0a9e895b3",
+ "zh:aa93d9fc7db91f261b6e41970453926341eaa4222c1b8d507cdeabd0be0af4eb",
+ "zh:c59a2af538de99c37e4ffe988f33633a9fb064e5360230adac5f6eb0fd473be8",
+ "zh:d6323f61f255131a7d9f5a645982eb0f0d12f685270f54beade95c0b51a7a6c9",
+ "zh:e7f46dd2aac9537d20aaac217806f2ebb3a347aaf6bbd28192c042286103635c",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+ version = "2.30.0"
+ hashes = [
+ "h1:+Je5UPTWMmO4eG5ep1WfujkXQI9tDk0OsMU4olU76Bg=",
+ "zh:06531333a72fe6d2829f37a328e08a3fc4ed66226344a003b62418a834ac6c69",
+ "zh:34480263939ef5007ce65c9f4945df5cab363f91e5260ae552bcd9f2ffeed444",
+ "zh:59e71f9177da570c33507c44828288264c082d512138c5755800f2cd706c62bc",
+ "zh:6e979b0c07326f9c8d1999096a920322d22261ca61d346b3a9775283d00a2fa5",
+ "zh:73e3f228de0077b5c0a84ec5b1ada507fbb3456cba35a6b5758723f77715b7af",
+ "zh:79e0de985159c056f001cc47a654620d51f5d55f554bcbcde1fe7d52f667db40",
+ "zh:8accb9100f609377db42e3ced42cc9d5c36065a06644dfb21d3893bb8d4797fd",
+ "zh:9f99aa0bf5caa4223a7dbf5d22d71c16083e782c4eea4b0130abfd6e6f1cec18",
+ "zh:bcb2ad76ad05ec23f8da62231a2360d1f70bbcd28abd06b8458a9e2f17da7873",
+ "zh:bce317d7790c2d3c4e724726dc78070db28daf7d861faa646fc891fe28842a29",
+ "zh:ed0a8e7fa8a1c419a19840b421d18200c3a63cf16ccbcbc400cb375d5397f615",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/time" {
+ version = "0.11.1"
+ constraints = "0.11.1"
+ hashes = [
+ "h1:pQGSL9mdgw4qsLndFYsEF93mbsIxyxNoAyIbBqhS3Xo=",
+ "zh:19a393db736ec4fd024d098d55aefaef07056c37a448ece3b55b3f5f4c2c7e4a",
+ "zh:227fa1e221de2907f37be78d40c06ca6a6f7b243a1ec33ade014dfaf6d92cd9c",
+ "zh:29970fecbf4a3ca23bacbb05d6b90cdd33dd379f90059fe39e08289951502d9f",
+ "zh:65024596f22f10e7dcb5e0e4a75277f275b529daa0bc0daf34ca7901c678ab88",
+ "zh:694d080cb5e3bf5ef08c7409208d061c135a4f5f4cdc93ea8607860995264b2e",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:b29d15d13e1b3412e6a4e1627d378dbd102659132f7488f64017dd6b6d5216d3",
+ "zh:bb79f4cae9f8c17c73998edc54aa16c2130a03227f7f4e71fc6ac87e230575ec",
+ "zh:ceccf80e95929d97f62dcf1bb3c7c7553d5757b2d9e7d222518722fc934f7ad5",
+ "zh:f40e638336527490e294d9c938ae55919069e6987e85a80506784ba90348792a",
+ "zh:f99ef33b1629a3b2278201142a3011a8489e66d92da832a5b99e442204de18fb",
+ "zh:fded14754ea46fdecc62a52cd970126420d4cd190e598cb61190b4724a727edb",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+ version = "4.0.5"
+ hashes = [
+ "h1:zeG5RmggBZW/8JWIVrdaeSJa0OG62uFX5HY1eE8SjzY=",
+ "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+ "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+ "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+ "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+ "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+ "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+ "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+ "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+ "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+ "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+ "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/README.md b/README.md
index 39764f9..14bf7d1 100644
--- a/README.md
+++ b/README.md
@@ -10,4 +10,77 @@ A non-official Linkerd2 Terraform Module 5. viz toggle 6. jaeger toggle 7. viz ingress toggle -8. modular self-sign tls commonname \ No newline at end of file +8. modular self-sign tls commonname + +## Requirements + +| Name | Version | +|------|---------| +| [time](#requirement\_time) | 0.11.1 | + +## Providers + +| Name | Version | +|------|---------| +| [helm](#provider\_helm) | n/a | +| [kubernetes](#provider\_kubernetes) | n/a | +| [time](#provider\_time) | 0.11.1 | +| [tls](#provider\_tls) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [helm_release.linkerd_control_plane](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.linkerd_crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.linkerd_viz](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_manifest.linkerd_identity_issuer_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_policy_validator_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_proxy_injector_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_root_ca_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_sp_validator_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_tap_injector_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| 
[kubernetes_manifest.linkerd_viz_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_viz_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.linkerd_webhook_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.linkerd_viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_secret.linkerd_root_ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [kubernetes_secret.linkerd_viz_root_ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [kubernetes_secret.linkerd_webhook_root_ca](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [time_sleep.wait_control_plane_certificate_provisioning](https://registry.terraform.io/providers/hashicorp/time/0.11.1/docs/resources/sleep) | resource | +| [time_sleep.wait_viz_certificate_provisioning](https://registry.terraform.io/providers/hashicorp/time/0.11.1/docs/resources/sleep) | resource | +| [time_sleep.wait_webhook_certificate_provisioning](https://registry.terraform.io/providers/hashicorp/time/0.11.1/docs/resources/sleep) | resource | +| [tls_private_key.linkerd_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | +| [tls_private_key.linkerd_viz_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | +| 
[tls_private_key.linkerd_webhook_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | +| [tls_self_signed_cert.linkerd_root_ca](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource | +| [tls_self_signed_cert.linkerd_viz_root_ca](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource | +| [tls_self_signed_cert.linkerd_webhook_root_ca](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource | +| [kubernetes_secret.linkerd_identity_issuer_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | +| [kubernetes_secret.linkerd_policy_validator_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | +| [kubernetes_secret.linkerd_proxy_injector_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | +| [kubernetes_secret.linkerd_sp_validator_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | +| [kubernetes_secret.linkerd_tap_injector_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | +| [kubernetes_secret.linkerd_viz_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/secret) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [control\_plane\_helm\_version](#input\_control\_plane\_helm\_version) | Control plane helm version | `string` | `"1.16.11"` | no | +| [control\_plane\_namespace](#input\_control\_plane\_namespace) | Control plane namespace | `string` | `"linkerd"` | no | +| 
[crds\_helm\_vesion](#input\_crds\_helm\_vesion) | Crds helm version | `string` | `"1.8.0"` | no | +| [kubernetes](#input\_kubernetes) | n/a |
object({
host : string,
cluster_ca_certificate : string,
token : string,
})
| n/a | yes | +| [linkerd\_repository](#input\_linkerd\_repository) | stable \| edge \| enterprise | `string` | `"stable"` | no | +| [viz\_helm\_version](#input\_viz\_helm\_version) | Viz helm version | `string` | `"30.12.11"` | no | +| [viz\_namespace](#input\_viz\_namespace) | Viz namespace | `string` | `"linkerd-viz"` | no | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/locals.tf b/locals.tf index 25f3d09..5825da4 100644 --- a/locals.tf +++ b/locals.tf @@ -1,7 +1,7 @@ locals { linkerd_repository = { - stable = "https://helm.linkerd.io/stable" - edge = "https://helm.linkerd.io/edge" + stable = "https://helm.linkerd.io/stable" + edge = "https://helm.linkerd.io/edge" enterprise = "https://helm.buoyant.cloud" } } \ No newline at end of file diff --git a/main.tf b/main.tf index db17526..c86b357 100644 --- a/main.tf +++ b/main.tf 
@@ -1,84 +1,84 @@ ## Linkerd crds resource "helm_release" "linkerd_crds" { - name = "linkerd-crds" - repository = local.linkerd_repository[var.linkerd_repository] - chart = "linkerd-crds" - version = var.crds_helm_vesion - namespace = kubernetes_namespace.linkerd.id - create_namespace = false + name = "linkerd-crds" + repository = local.linkerd_repository[var.linkerd_repository] + chart = "linkerd-crds" + version = var.crds_helm_vesion + namespace = kubernetes_namespace.linkerd.id + create_namespace = false } ## Cert data data "kubernetes_secret" "linkerd_identity_issuer_certificate" { metadata { - name = kubernetes_manifest.linkerd_identity_issuer_certificate.manifest.spec.secretName + name = kubernetes_manifest.linkerd_identity_issuer_certificate.manifest.spec.secretName namespace = kubernetes_namespace.linkerd.id } - depends_on = [ time_sleep.wait_control_plane_certificate_provisioning ] + depends_on = [time_sleep.wait_control_plane_certificate_provisioning] } data "kubernetes_secret" "linkerd_policy_validator_certificate" { metadata { - name = kubernetes_manifest.linkerd_policy_validator_certificate.manifest.spec.secretName + name = kubernetes_manifest.linkerd_policy_validator_certificate.manifest.spec.secretName namespace = kubernetes_namespace.linkerd.id } - depends_on = [ time_sleep.wait_webhook_certificate_provisioning ] + depends_on = [time_sleep.wait_webhook_certificate_provisioning] } data "kubernetes_secret" "linkerd_proxy_injector_certificate" { metadata { - name = kubernetes_manifest.linkerd_proxy_injector_certificate.manifest.spec.secretName + name = kubernetes_manifest.linkerd_proxy_injector_certificate.manifest.spec.secretName namespace = kubernetes_namespace.linkerd.id } - depends_on = [ time_sleep.wait_webhook_certificate_provisioning ] + depends_on = [time_sleep.wait_webhook_certificate_provisioning] } data "kubernetes_secret" "linkerd_sp_validator_certificate" { metadata { - name = 
kubernetes_manifest.linkerd_sp_validator_certificate.manifest.spec.secretName + name = kubernetes_manifest.linkerd_sp_validator_certificate.manifest.spec.secretName namespace = kubernetes_namespace.linkerd.id } - depends_on = [ time_sleep.wait_webhook_certificate_provisioning ] + depends_on = [time_sleep.wait_webhook_certificate_provisioning] } data "kubernetes_secret" "linkerd_viz_certificate" { metadata { - name = kubernetes_manifest.linkerd_viz_certificate.manifest.spec.secretName + name = kubernetes_manifest.linkerd_viz_certificate.manifest.spec.secretName namespace = kubernetes_namespace.linkerd_viz.id } - depends_on = [ time_sleep.wait_viz_certificate_provisioning ] + depends_on = [time_sleep.wait_viz_certificate_provisioning] } data "kubernetes_secret" "linkerd_tap_injector_certificate" { metadata { - name = kubernetes_manifest.linkerd_tap_injector_certificate.manifest.spec.secretName + name = kubernetes_manifest.linkerd_tap_injector_certificate.manifest.spec.secretName namespace = kubernetes_namespace.linkerd_viz.id } - depends_on = [ time_sleep.wait_certificate_provisioning ] + depends_on = [time_sleep.wait_viz_certificate_provisioning] } ## Linkerd Control Plane resource "helm_release" "linkerd_control_plane" { - name = "linkerd-control-plane" - repository = local.linkerd_repository[var.linkerd_repository] - chart = "linkerd-control-plane" - version = var.control_plane_helm_version - namespace = kubernetes_namespace.linkerd.id + name = "linkerd-control-plane" + repository = local.linkerd_repository[var.linkerd_repository] + chart = "linkerd-control-plane" + version = var.control_plane_helm_version + namespace = kubernetes_namespace.linkerd.id create_namespace = false values = coalesce([ - file("${path.module}/charts/linkerd-control-plane/values.yml"), - file("${path.module}/charts/linkerd-control-plane/values-ha.yml"), + file("${path.module}/charts/linkerd-control-plane/values.yaml"), + file("${path.module}/charts/linkerd-control-plane/values-ha.yaml"), 
]) set { - name = "cniEnabled" + name = "cniEnabled" value = "true" } @@ -86,48 +86,48 @@ resource "helm_release" "linkerd_control_plane" { name = "highAvailability" value = "true" } - + set_sensitive { - name = "identityTrustAnchorsPEM" + name = "identityTrustAnchorsPEM" value = data.kubernetes_secret.linkerd_identity_issuer_certificate.data["ca.crt"] } set { - name = "identity.issuer.scheme" + name = "identity.issuer.scheme" value = "kubernetes.io/tls" } set { - name = "proxyInjector.externalSecret" + name = "proxyInjector.externalSecret" value = "true" } set { - name = "profileValidator.externalSecret" + name = "profileValidator.externalSecret" value = "true" } - + set { - name = "policyValidator.externalSecret" + name = "policyValidator.externalSecret" value = "true" } set_sensitive { - name = "proxyInjector.caBundle" + name = "proxyInjector.caBundle" value = data.kubernetes_secret.linkerd_proxy_injector_certificate.data["ca.crt"] } set_sensitive { - name = "profileValidator.caBundle" + name = "profileValidator.caBundle" value = data.kubernetes_secret.linkerd_sp_validator_certificate.data["ca.crt"] - } + } set_sensitive { - name = "policyValidator.caBundle" + name = "policyValidator.caBundle" value = data.kubernetes_secret.linkerd_policy_validator_certificate.data["ca.crt"] } - depends_on = [ + depends_on = [ helm_release.linkerd_crds, data.kubernetes_secret.linkerd_identity_issuer_certificate, data.kubernetes_secret.linkerd_proxy_injector_certificate, 
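Review bot: The `values` argument of `helm_release.linkerd_control_plane` now reads `charts/linkerd-control-plane/values.yaml` and `values-ha.yaml`, but the diffstat of this commit lists no file under `charts/`, so it is worth confirming that the files exist under the new extension; `file()` fails the plan otherwise. The third hunk of this file makes the same change for `charts/linkerd-viz/`. Separately, `coalesce([ ... ])` is given a single list argument and, as far as I can tell, hands that list back unchanged, so both files are always applied; `values = [file("${path.module}/charts/linkerd-control-plane/values.yaml"), file("${path.module}/charts/linkerd-control-plane/values-ha.yaml")]` says the same thing without suggesting a fallback.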
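Review bot: The `set_sensitive` blocks in this hunk take `ca.crt` from `data.kubernetes_secret` lookups, and a `kubernetes_secret` data source returns the whole Secret, so the `tls.key` of every cert-manager-issued certificate presumably ends up in Terraform state next to the one field that is used. Assuming the CA issuers put their own certificate into `ca.crt`, the same PEM is already available in the configuration, e.g. `value = tls_self_signed_cert.linkerd_root_ca.cert_pem` for `identityTrustAnchorsPEM`, and the webhook and viz root CAs for the `caBundle` values here and in the next hunk. That would also remove the dependency on the `time_sleep` waits for these values. The data blocks themselves are in the first hunk of this file, and the `helm_release` body continues outside this hunk.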
@@ -138,39 +138,39 @@ resource "helm_release" "linkerd_control_plane" { ## Linkerd Viz resource "helm_release" "linkerd_viz" { - name = "linkerd-viz" - repository = local.linkerd_repository[var.linkerd_repository] - chart = "linkerd-viz" - version = var.viz_helm_version - namespace = kubernetes_namespace.linkerd_viz.id - create_namespace = false + name = "linkerd-viz" + repository = local.linkerd_repository[var.linkerd_repository] + chart = "linkerd-viz" + version = var.viz_helm_version + namespace = kubernetes_namespace.linkerd_viz.id + create_namespace = false values = coalesce([ - file("${path.module}/charts/linkerd-viz/values.yml"), - file("${path.module}/charts/linkerd-viz/values-ha.yml"), + file("${path.module}/charts/linkerd-viz/values.yaml"), + file("${path.module}/charts/linkerd-viz/values-ha.yaml"), ]) set { - name = "tap.externalSecret" + name = "tap.externalSecret" value = "true" } set { - name = "tapInjector.externalSecret" + name = "tapInjector.externalSecret" value = "true" } set_sensitive { - name = "tap.caBundle" + name = "tap.caBundle" value = data.kubernetes_secret.linkerd_viz_certificate.data["ca.crt"] } set_sensitive { - name = "tapInjector.caBundle" + name = "tapInjector.caBundle" value = data.kubernetes_secret.linkerd_tap_injector_certificate.data["ca.crt"] } - depends_on = [ + depends_on = [ data.kubernetes_secret.linkerd_viz_certificate, data.kubernetes_secret.linkerd_tap_injector_certificate, helm_release.linkerd_control_plane diff --git a/namespaces.tf b/namespaces.tf index 701c216..42c0349 100644 --- a/namespaces.tf +++ b/namespaces.tf 
@@ -1,25 +1,25 @@ resource "kubernetes_namespace" "linkerd" { metadata { - name = "${var.control_plane_namespace}" + name = var.control_plane_namespace labels = { "config.linkerd.io/admission-webhooks" = "disabled" - "linkerd.io/is-control-plane" = "true" - "linkerd.io/control-plane-ns" = "${var.control_plane_namespace}" - } + "linkerd.io/is-control-plane" = "true" + "linkerd.io/control-plane-ns" = "${var.control_plane_namespace}" + } annotations = { "linkerd.io/inject" = "disabled" - "meta.helm.sh/release-name": "linkerd2" - "meta.helm.sh/release-namespace": "${var.control_plane_namespace}" + "meta.helm.sh/release-name" : "linkerd2" + "meta.helm.sh/release-namespace" : "${var.control_plane_namespace}" } } } resource "kubernetes_namespace" "linkerd_viz" { metadata { - name = "${var.viz_namespace}" + name = var.viz_namespace labels = { "linkerd.io/extension" = "viz" - } + } } } \ No newline at end of file diff --git a/providers.tf b/providers.tf index 752ff79..5190658 100644 --- a/providers.tf +++ b/providers.tf @@ -1,8 +1,5 @@ terraform { required_providers { - azurerm = { - source = "hashicorp/azurerm" - } kubernetes = { source = "hashicorp/kubernetes" } @@ -10,26 +7,18 @@ terraform { source = "hashicorp/helm" } time = { - source = "hashicorp/time" + source = "hashicorp/time" version = "0.11.1" } } -} - -provider "azurerm" { - features {} -} - -terraform { - backend "azurerm" {} } provider "time" {} provider "kubernetes" { - host = var.kubernetes.host - cluster_ca_certificate = var.kubernetes.cluster_ca_certificate - token = var.kubernetes.token + host = var.kubernetes.host + cluster_ca_certificate = var.kubernetes.cluster_ca_certificate + token = var.kubernetes.token } provider "helm" { diff --git a/tls-control-plane.tf b/tls-control-plane.tf index 3f8ac5e..01e4710 100644 --- a/tls-control-plane.tf +++ b/tls-control-plane.tf 
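Review bot: The cleanup in `kubernetes_namespace.linkerd` is only half applied: `name` now uses `var.control_plane_namespace` directly, but the `linkerd.io/control-plane-ns` label and the `meta.helm.sh/release-namespace` annotation still wrap the same variable in `"${...}"`, and the annotations map mixes `=` and `:` as separators. For consistency I would write `"linkerd.io/control-plane-ns" = var.control_plane_namespace`, `"meta.helm.sh/release-name" = "linkerd2"` and `"meta.helm.sh/release-namespace" = var.control_plane_namespace`. The same interpolation-only pattern remains in the `"namespace" = "${kubernetes_namespace.linkerd.id}"` entries of the tls-*.tf manifests.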
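Review bot: After this change `required_providers` in providers.tf constrains only `time`; `kubernetes` and `helm` have a source but no version, and `tls` is not declared at all although the module creates `tls_private_key` and `tls_self_signed_cert` resources (the generated README shows `n/a` for all three). The new `.terraform.lock.hcl` pins them only for runs from this directory, so a caller that consumes this as a module resolves whatever is newest. I would add constraints matching the versions recorded in the lock file.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.30"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.13"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "~> 4.0"
    }
    # … unchanged: time = { source, version = "0.11.1" } …
  }
}
```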
@@ -8,8 +8,8 @@ resource "tls_self_signed_cert" "linkerd_root_ca" { is_ca_certificate = true set_subject_key_id = true validity_period_hours = 175200 # 20 years - dns_names = ["root.linkerd.cluster.local"] - + dns_names = ["root.linkerd.cluster.local"] + subject { common_name = "root.linkerd.cluster.local" } @@ -22,7 +22,7 @@ resource "tls_self_signed_cert" "linkerd_root_ca" { resource "kubernetes_secret" "linkerd_root_ca" { metadata { - name = "linkerd-trust-anchor" + name = "linkerd-trust-anchor" namespace = kubernetes_namespace.linkerd.id } @@ -37,14 +37,14 @@ resource "kubernetes_secret" "linkerd_root_ca" { resource "kubernetes_manifest" "linkerd_root_ca_issuer" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Issuer" + "kind" = "Issuer" "metadata" = { - "name" = "linkerd-trust-anchor" + "name" = "linkerd-trust-anchor" "namespace" = "${kubernetes_namespace.linkerd.id}" } - "spec" ={ + "spec" = { "ca" = { - "secretName": "${kubernetes_secret.linkerd_root_ca.metadata[0].name}" + "secretName" : "${kubernetes_secret.linkerd_root_ca.metadata[0].name}" } } } @@ -52,17 +52,17 @@ resource "kubernetes_manifest" "linkerd_root_ca_issuer" { resource "kubernetes_manifest" "linkerd_identity_issuer_certificate" { computed_fields = ["spec.duration", "spec.renewBefore", "spec.isCA"] - + manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Certificate" + "kind" = "Certificate" "metadata" = { - "name" = "linkerd-identity-issuer" + "name" = "linkerd-identity-issuer" "namespace" = "${kubernetes_namespace.linkerd.id}" } "spec" = { - "secretName" = "linkerd-identity-issuer" - "duration" = "48h0m0s" + "secretName" = "linkerd-identity-issuer" + "duration" = "48h0m0s" "renewBefore" = "6h0m0s" "issuerRef" = { "name" = "linkerd-trust-anchor" 
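Review bot: `tls_self_signed_cert.linkerd_root_ca` is a trust anchor with `validity_period_hours = 175200 # 20 years`, and its key presumably comes from `tls_private_key.linkerd_private_key` (listed in the README; the reference is outside this hunk), which Terraform keeps in plain text in state. Anyone who can read the state can therefore issue certificates under that anchor for its whole lifetime, and this commit also drops the `backend "azurerm"` block, so where state lives is now entirely up to the caller. I would document that above the resource, for example `# Root CA key is stored in Terraform state: use an encrypted, access-controlled backend and plan for rotation`, and consider a shorter validity. The same applies to `linkerd_viz_root_ca` in tls-viz.tf and `linkerd_webhook_root_ca` in tls-webhook.tf.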
@@ -85,7 +85,7 @@ resource "kubernetes_manifest" "linkerd_identity_issuer_certificate" { } } - depends_on = [ kubernetes_manifest.linkerd_root_ca_issuer ] + depends_on = [kubernetes_manifest.linkerd_root_ca_issuer] } resource "time_sleep" "wait_control_plane_certificate_provisioning" { diff --git a/tls-viz.tf b/tls-viz.tf index 092ed6a..b8d4bf1 100644 --- a/tls-viz.tf +++ b/tls-viz.tf @@ -8,8 +8,8 @@ resource "tls_self_signed_cert" "linkerd_viz_root_ca" { is_ca_certificate = true set_subject_key_id = true validity_period_hours = 175200 # 20 years - dns_names = ["webhook.linkerd.cluster.local"] - + dns_names = ["webhook.linkerd.cluster.local"] + subject { common_name = "webhook.linkerd.cluster.local" } @@ -22,7 +22,7 @@ resource "tls_self_signed_cert" "linkerd_viz_root_ca" { resource "kubernetes_secret" "linkerd_viz_root_ca" { metadata { - name = "webhook-issuer-tls" + name = "webhook-issuer-tls" namespace = kubernetes_namespace.linkerd_viz.id } @@ -37,14 +37,14 @@ resource "kubernetes_secret" "linkerd_viz_root_ca" { resource "kubernetes_manifest" "linkerd_viz_issuer" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Issuer" + "kind" = "Issuer" "metadata" = { - "name" = "webhook-issuer" + "name" = "webhook-issuer" "namespace" = "${kubernetes_namespace.linkerd_viz.id}" } - "spec" ={ + "spec" = { "ca" = { - "secretName": "${kubernetes_secret.linkerd_viz_root_ca.metadata[0].name}" + "secretName" : "${kubernetes_secret.linkerd_viz_root_ca.metadata[0].name}" } } } @@ -55,14 +55,14 @@ resource "kubernetes_manifest" "linkerd_viz_certificate" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Certificate" + "kind" = "Certificate" "metadata" = { - "name" = "tap" + "name" = "tap" "namespace" = "${kubernetes_namespace.linkerd_viz.id}" } "spec" = { - "secretName" = "tap-k8s-tls" - "duration" = "24h0m0s" + "secretName" = "tap-k8s-tls" + "duration" = "24h0m0s" "renewBefore" = "1h0m0s" "issuerRef" = { "name" = "webhook-issuer" 
@@ -82,7 +82,7 @@ resource "kubernetes_manifest" "linkerd_viz_certificate" { } } - depends_on = [ kubernetes_manifest.linkerd_viz_issuer ] + depends_on = [kubernetes_manifest.linkerd_viz_issuer] } resource "kubernetes_manifest" "linkerd_tap_injector_certificate" { @@ -90,14 +90,14 @@ resource "kubernetes_manifest" "linkerd_tap_injector_certificate" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Certificate" + "kind" = "Certificate" "metadata" = { - "name" = "linkerd-tap-injector" + "name" = "linkerd-tap-injector" "namespace" = "${kubernetes_namespace.linkerd_viz.id}" } "spec" = { - "secretName" = "tap-injector-k8s-tls" - "duration" = "24h0m0s" + "secretName" = "tap-injector-k8s-tls" + "duration" = "24h0m0s" "renewBefore" = "1h0m0s" "issuerRef" = { "name" = "webhook-issuer" @@ -116,8 +116,8 @@ resource "kubernetes_manifest" "linkerd_tap_injector_certificate" { ] } } - - depends_on = [ kubernetes_manifest.linkerd_viz_issuer ] + + depends_on = [kubernetes_manifest.linkerd_viz_issuer] } resource "time_sleep" "wait_viz_certificate_provisioning" { diff --git a/tls-webhook.tf b/tls-webhook.tf index 5ee6df5..f9a60f5 100644 --- a/tls-webhook.tf +++ b/tls-webhook.tf @@ -8,8 +8,8 @@ resource "tls_self_signed_cert" "linkerd_webhook_root_ca" { is_ca_certificate = true set_subject_key_id = true validity_period_hours = 175200 # 20 years - dns_names = ["webhook.linkerd.cluster.local"] - + dns_names = ["webhook.linkerd.cluster.local"] + subject { common_name = "webhook.linkerd.cluster.local" } @@ -22,7 +22,7 @@ resource "tls_self_signed_cert" "linkerd_webhook_root_ca" { resource "kubernetes_secret" "linkerd_webhook_root_ca" { metadata { - name = "webhook-issuer-tls" + name = "webhook-issuer-tls" namespace = kubernetes_namespace.linkerd.id } 
@@ -37,14 +37,14 @@ resource "kubernetes_secret" "linkerd_webhook_root_ca" { resource "kubernetes_manifest" "linkerd_webhook_issuer" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Issuer" + "kind" = "Issuer" "metadata" = { - "name" = "webhook-issuer" + "name" = "webhook-issuer" "namespace" = "${kubernetes_namespace.linkerd.id}" } - "spec" ={ + "spec" = { "ca" = { - "secretName": "${kubernetes_secret.linkerd_webhook_root_ca.metadata[0].name}" + "secretName" : "${kubernetes_secret.linkerd_webhook_root_ca.metadata[0].name}" } } } @@ -55,14 +55,14 @@ resource "kubernetes_manifest" "linkerd_policy_validator_certificate" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Certificate" + "kind" = "Certificate" "metadata" = { - "name" = "linkerd-policy-validator" + "name" = "linkerd-policy-validator" "namespace" = "${kubernetes_namespace.linkerd.id}" } "spec" = { - "secretName" = "linkerd-policy-validator-k8s-tls" - "duration" = "24h0m0s" + "secretName" = "linkerd-policy-validator-k8s-tls" + "duration" = "24h0m0s" "renewBefore" = "1h0m0s" "issuerRef" = { "name" = "webhook-issuer" @@ -75,7 +75,7 @@ resource "kubernetes_manifest" "linkerd_policy_validator_certificate" { "isCA" = "false" "privateKey" = { "algorithm" = "ECDSA" - "encoding" = "PKCS8" + "encoding" = "PKCS8" } "usages" = [ "server auth" @@ -83,7 +83,7 @@ resource "kubernetes_manifest" "linkerd_policy_validator_certificate" { } } - depends_on = [ kubernetes_manifest.linkerd_webhook_issuer ] + depends_on = [kubernetes_manifest.linkerd_webhook_issuer] } resource "kubernetes_manifest" "linkerd_proxy_injector_certificate" { 
@@ -91,14 +91,14 @@ resource "kubernetes_manifest" "linkerd_proxy_injector_certificate" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Certificate" + "kind" = "Certificate" "metadata" = { - "name" = "linkerd-proxy-injector" + "name" = "linkerd-proxy-injector" "namespace" = "${kubernetes_namespace.linkerd.id}" } "spec" = { - "secretName" = "linkerd-proxy-injector-k8s-tls" - "duration" = "24h0m0s" + "secretName" = "linkerd-proxy-injector-k8s-tls" + "duration" = "24h0m0s" "renewBefore" = "1h0m0s" "issuerRef" = { "name" = "webhook-issuer" @@ -117,8 +117,8 @@ resource "kubernetes_manifest" "linkerd_proxy_injector_certificate" { ] } } - - depends_on = [ kubernetes_manifest.linkerd_webhook_issuer ] + + depends_on = [kubernetes_manifest.linkerd_webhook_issuer] } resource "kubernetes_manifest" "linkerd_sp_validator_certificate" { @@ -126,14 +126,14 @@ resource "kubernetes_manifest" "linkerd_sp_validator_certificate" { manifest = { "apiVersion" = "cert-manager.io/v1" - "kind" = "Certificate" + "kind" = "Certificate" "metadata" = { - "name" = "linkerd-sp-validator" + "name" = "linkerd-sp-validator" "namespace" = "${kubernetes_namespace.linkerd.id}" } "spec" = { - "secretName" = "linkerd-sp-validator-k8s-tls" - "duration" = "24h0m0s" + "secretName" = "linkerd-sp-validator-k8s-tls" + "duration" = "24h0m0s" "renewBefore" = "1h0m0s" "issuerRef" = { "name" = "webhook-issuer" @@ -153,7 +153,7 @@ resource "kubernetes_manifest" "linkerd_sp_validator_certificate" { } } - depends_on = [ kubernetes_manifest.linkerd_webhook_issuer ] + depends_on = [kubernetes_manifest.linkerd_webhook_issuer] } resource "time_sleep" "wait_webhook_certificate_provisioning" { diff --git a/variables.tf b/variables.tf index 5a7ce8d..a80cbcf 100644 --- a/variables.tf +++ b/variables.tf 
@@ -7,36 +7,36 @@ variable "kubernetes" { } variable "linkerd_repository" { - description = "stable | edge | enterprise" - type = string - default = "stable" + description = "stable | edge | enterprise" + type = string + default = "stable" } variable "control_plane_helm_version" { description = "Control plane helm version" - type = string - default = "1.16.11" + type = string + default = "1.16.11" } variable "control_plane_namespace" { description = "Control plane namespace" - type = string - default = "linkerd" + type = string + default = "linkerd" } variable "viz_helm_version" { description = "Viz helm version" - type = string - default = "30.12.11" + type = string + default = "30.12.11" } variable "viz_namespace" { description = "Viz namespace" - type = string - default = "linkerd-viz" + type = string + default = "linkerd-viz" } variable "crds_helm_vesion" { description = "Crds helm version" - type = string - default = "1.8.0" + type = string + default = "1.8.0" } \ No newline at end of file
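Review bot: `linkerd_repository` states its allowed values only in the description (`stable | edge | enterprise`), while locals.tf uses it as a map key, so a typo surfaces as an invalid-index error rather than a clear message; a `validation` block would state the contract. The variable name `crds_helm_vesion` is misspelled, but main.tf and the README already use it, so renaming it would be an interface change for callers. The body of `variable "kubernetes"` is outside this hunk; if it does not mark the object as `sensitive`, the token can show up in plan output.

```hcl
variable "linkerd_repository" {
  # … unchanged: description, type, default …
  validation {
    condition     = contains(["stable", "edge", "enterprise"], var.linkerd_repository)
    error_message = "The linkerd_repository value must be one of: stable, edge, enterprise."
  }
}
```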