neko1101 · neko1101 · May 21, 2024 · May 21, 2024 · May 21, 2024 · May 22, 2024
diff --git a/README.md b/README.md
@@ -77,15 +77,24 @@ No modules.
 | <a name="input_control_plane_ca_validity"></a> [control\_plane\_ca\_validity](#input\_control\_plane\_ca\_validity) | Control plane Issuer CA validity in hours eg: 175200 for 20 years | `string` | `"175200"` | no |
 | <a name="input_control_plane_cert_duration"></a> [control\_plane\_cert\_duration](#input\_control\_plane\_cert\_duration) | Control plane TLS cert duration eg: 24h0m0s | `string` | `"72h0m0s"` | no |
 | <a name="input_control_plane_cert_renew_before"></a> [control\_plane\_cert\_renew\_before](#input\_control\_plane\_cert\_renew\_before) | Control plane TLS cert renew before eg: 1h0m0s | `string` | `"24h0m0s"` | no |
-| <a name="input_control_plane_helm_version"></a> [control\_plane\_helm\_version](#input\_control\_plane\_helm\_version) | Control plane helm version | `string` | `"1.16.11"` | no |
+| <a name="input_control_plane_enable_pod_anti_affinity"></a> [control\_plane\_enable\_pod\_anti\_affinity](#input\_control\_plane\_enable\_pod\_anti\_affinity) | Control plane enable podAntiAffinity | `bool` | `false` | no |
+| <a name="input_control_plane_enable_pod_distruption_budget"></a> [control\_plane\_enable\_pod\_distruption\_budget](#input\_control\_plane\_enable\_pod\_distruption\_budget) | Control plane enable podDisruptionBudget | `bool` | `false` | no |
+| <a name="input_control_plane_helm_version"></a> [control\_plane\_helm\_version](#input\_control\_plane\_helm\_version) | Control plane helm version | `string` | `"1.16.10"` | no |
 | <a name="input_control_plane_namespace"></a> [control\_plane\_namespace](#input\_control\_plane\_namespace) | Control plane namespace | `string` | `"linkerd"` | no |
+| <a name="input_control_plane_replica_count"></a> [control\_plane\_replica\_count](#input\_control\_plane\_replica\_count) | Control plane replica count | `number` | `1` | no |
 | <a name="input_crds_helm_vesion"></a> [crds\_helm\_vesion](#input\_crds\_helm\_vesion) | Crds helm version | `string` | `"1.8.0"` | no |
-| <a name="input_kubernetes"></a> [kubernetes](#input\_kubernetes) | Kubernetes connection configuration | <pre>object({<br>    host : string,<br>    cluster_ca_certificate : string,<br>    token : string,<br>  })</pre> | n/a | yes |
+| <a name="input_dashboard_replica_count"></a> [dashboard\_replica\_count](#input\_dashboard\_replica\_count) | Dashboard replica count | `number` | `1` | no |
+| <a name="input_kubernetes"></a> [kubernetes](#input\_kubernetes) | Kubernetes config | `map(string)` | <pre>{<br>  "config_context": "my-context",<br>  "config_path": "~/.kube/config"<br>}</pre> | no |
 | <a name="input_linkerd_repository"></a> [linkerd\_repository](#input\_linkerd\_repository) | stable \| edge \| enterprise | `string` | `"stable"` | no |
+| <a name="input_metrics_replica_count"></a> [metrics\_replica\_count](#input\_metrics\_replica\_count) | Metrics api replica count | `number` | `1` | no |
+| <a name="input_tap_injector_replica_count"></a> [tap\_injector\_replica\_count](#input\_tap\_injector\_replica\_count) | Tap injector replica count | `number` | `1` | no |
+| <a name="input_tap_replica_count"></a> [tap\_replica\_count](#input\_tap\_replica\_count) | Tap replica count | `number` | `1` | no |
 | <a name="input_viz_ca_validity"></a> [viz\_ca\_validity](#input\_viz\_ca\_validity) | Viz Issuer CA validity in hours eg: 175200 for 20 years | `string` | `"175200"` | no |
 | <a name="input_viz_cert_duration"></a> [viz\_cert\_duration](#input\_viz\_cert\_duration) | Viz TLS cert duration eg: 24h0m0s | `string` | `"48h0m0s"` | no |
 | <a name="input_viz_cert_renew_before"></a> [viz\_cert\_renew\_before](#input\_viz\_cert\_renew\_before) | Viz TLS cert renew before eg: 1h0m0s | `string` | `"24h0m0s"` | no |
-| <a name="input_viz_helm_version"></a> [viz\_helm\_version](#input\_viz\_helm\_version) | Viz helm version | `string` | `"30.12.11"` | no |
+| <a name="input_viz_enable_pod_anti_affinity"></a> [viz\_enable\_pod\_anti\_affinity](#input\_viz\_enable\_pod\_anti\_affinity) | Viz enable podAntiAffinity | `bool` | `false` | no |
+| <a name="input_viz_enable_pod_distruption_budget"></a> [viz\_enable\_pod\_distruption\_budget](#input\_viz\_enable\_pod\_distruption\_budget) | Viz enable podDisruptionBudget | `bool` | `false` | no |
+| <a name="input_viz_helm_version"></a> [viz\_helm\_version](#input\_viz\_helm\_version) | Viz helm version | `string` | `"30.12.10"` | no |
 | <a name="input_viz_namespace"></a> [viz\_namespace](#input\_viz\_namespace) | Viz namespace | `string` | `"linkerd-viz"` | no |
 | <a name="input_webhook_ca_validity"></a> [webhook\_ca\_validity](#input\_webhook\_ca\_validity) | Webhook Issuer CA validity in hours eg: 175200 for 20 years | `string` | `"175200"` | no |
 | <a name="input_webhook_cert_duration"></a> [webhook\_cert\_duration](#input\_webhook\_cert\_duration) | Webhook TLS cert duration eg: 24h0m0s | `string` | `"48h0m0s"` | no |

diff --git a/charts/linkerd-control-plane/values-ha.yaml b/charts/linkerd-control-plane/values-ha.yaml
@@ -24,7 +24,7 @@ controlPlaneTracing: false
 # -- namespace to send control plane traces to
 controlPlaneTracingNamespace: linkerd-jaeger
 # -- control plane version. See Proxy section for proxy version
-linkerdVersion: linkerdVersionValue
+linkerdVersion: stable-2.14.10
 # -- default kubernetes deployment strategy
 deploymentStrategy:
   rollingUpdate:

diff --git a/charts/linkerd-viz/values-ha.yaml b/charts/linkerd-viz/values-ha.yaml
@@ -2,7 +2,7 @@
 # Usage:
 #   helm install -f values.yaml -f values-ha.yaml
 
-enablePodAntiAffinity: true
+enablePodAntiAffinity: false
 enablePodDisruptionBudget: true
 
 # nodeAffinity:
@@ -18,7 +18,7 @@ resources: &ha_resources
 
 # tap configuration
 tap:
-  replicas: 3
+  replicas: 1
   resources: *ha_resources
 
 # web configuration

diff --git a/charts/linkerd-viz/values.yaml b/charts/linkerd-viz/values.yaml
@@ -5,7 +5,7 @@
 # Fields that should be common with the core control plane
 
 # -- control plane version. See Proxy section for proxy version
-linkerdVersion: linkerdVersionValue
+linkerdVersion: stable-2.14.10
 # -- Kubernetes DNS Domain name to use
 clusterDomain: cluster.local
 # -- Additional labels to add to all pods

diff --git a/main.tf b/main.tf
@@ -87,6 +87,11 @@ resource "helm_release" "linkerd_control_plane" {
     value = "true"
   }
 
+  set {
+    name  = "controllerReplicas"
+    value = var.control_plane_replica_count
+  }
+
   set_sensitive {
     name  = "identityTrustAnchorsPEM"
     value = data.kubernetes_secret.linkerd_identity_issuer_certificate.data["ca.crt"]
@@ -122,6 +127,16 @@ resource "helm_release" "linkerd_control_plane" {
     value = data.kubernetes_secret.linkerd_sp_validator_certificate.data["ca.crt"]
   }
 
+  set {
+    name  = "enablePodAntiAffinity"
+    value = var.control_plane_enable_pod_anti_affinity
+  }
+
+  set {
+    name  = "enablePodDisruptionBudget"
+    value = var.control_plane_enable_pod_distruption_budget
+  }
+
   set_sensitive {
     name  = "policyValidator.caBundle"
     value = data.kubernetes_secret.linkerd_policy_validator_certificate.data["ca.crt"]
@@ -155,11 +170,21 @@ resource "helm_release" "linkerd_viz" {
     value = "true"
   }
 
+  set {
+    name  = "tap.replicas"
+    value = var.tap_replica_count
+  }
+
   set {
     name  = "tapInjector.externalSecret"
     value = "true"
   }
 
+  set {
+    name  = "tapInjector.replicas"
+    value = var.tap_replica_count
+  }
+
   set_sensitive {
     name  = "tap.caBundle"
     value = data.kubernetes_secret.linkerd_viz_certificate.data["ca.crt"]
@@ -170,6 +195,26 @@ resource "helm_release" "linkerd_viz" {
     value = data.kubernetes_secret.linkerd_tap_injector_certificate.data["ca.crt"]
   }
 
+  set {
+    name  = "dashboard.replicas"
+    value = var.dashboard_replica_count
+  }
+
+  set {
+    name  = "metricsAPI.replicas"
+    value = var.metrics_replica_count
+  }
+
+  set {
+    name  = "enablePodAntiAffinity"
+    value = var.viz_enable_pod_anti_affinity
+  }
+
+  set {
+    name  = "enablePodDisruptionBudget"
+    value = var.viz_enable_pod_distruption_budget
+  }
+
   depends_on = [
     data.kubernetes_secret.linkerd_viz_certificate,
     data.kubernetes_secret.linkerd_tap_injector_certificate,

diff --git a/providers.tf b/providers.tf
@@ -18,15 +18,13 @@ terraform {
 provider "time" {}
 
 provider "kubernetes" {
-  host                   = var.kubernetes.host
-  cluster_ca_certificate = var.kubernetes.cluster_ca_certificate
-  token                  = var.kubernetes.token
+  config_path    = var.kubernetes.config_path
+  config_context = var.kubernetes.config_context
 }
 
 provider "helm" {
   kubernetes {
-    host                   = var.kubernetes.host
-    cluster_ca_certificate = var.kubernetes.cluster_ca_certificate
-    token                  = var.kubernetes.token
+    config_path    = var.kubernetes.config_path
+    config_context = var.kubernetes.config_context
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -1,10 +1,10 @@
 variable "kubernetes" {
-  description = "Kubernetes connection configuration"
-  type = object({
-    host : string,
-    cluster_ca_certificate : string,
-    token : string,
-  })
+  description = "Kubernetes config"
+  type        = map(string)
+  default = {
+    "config_path"    = "~/.kube/config"
+    "config_context" = "my-context"
+  }
 }
 
 variable "linkerd_repository" {
@@ -16,8 +16,9 @@ variable "linkerd_repository" {
 variable "control_plane_helm_version" {
   description = "Control plane helm version"
   type        = string
-  default     = "1.16.11"
+  default     = "1.16.10"
 }
+
 variable "control_plane_namespace" {
   description = "Control plane namespace"
   type        = string
@@ -42,6 +43,60 @@ variable "control_plane_cert_renew_before" {
   default     = "24h0m0s"
 }
 
+variable "control_plane_replica_count" {
+  description = "Control plane replica count"
+  type        = number
+  default     = 1
+}
+
+variable "tap_replica_count" {
+  description = "Tap replica count"
+  type        = number
+  default     = 1
+}
+
+variable "tap_injector_replica_count" {
+  description = "Tap injector replica count"
+  type        = number
+  default     = 1
+}
+
+variable "dashboard_replica_count" {
+  description = "Dashboard replica count"
+  type        = number
+  default     = 1
+}
+
+variable "metrics_replica_count" {
+  description = "Metrics api replica count"
+  type        = number
+  default     = 1
+}
+
+variable "viz_enable_pod_anti_affinity" {
+  description = "Viz enable podAntiAffinity"
+  type        = bool
+  default     = false
+}
+
+variable "viz_enable_pod_distruption_budget" {
+  description = "Viz enable podDisruptionBudget"
+  type        = bool
+  default     = false
+}
+
+variable "control_plane_enable_pod_anti_affinity" {
+  description = "Control plane enable podAntiAffinity"
+  type        = bool
+  default     = false
+}
+
+variable "control_plane_enable_pod_distruption_budget" {
+  description = "Control plane enable podDisruptionBudget"
+  type        = bool
+  default     = false
+}
+
 variable "webhook_ca_validity" {
   description = "Webhook Issuer CA validity in hours eg: 175200 for 20 years"
   type        = string
@@ -62,7 +117,7 @@ variable "webhook_cert_renew_before" {
 variable "viz_helm_version" {
   description = "Viz helm version"
   type        = string
-  default     = "30.12.11"
+  default     = "30.12.10"
 }
 
 variable "viz_namespace" {