restructure module;
disable issuer cert being ca cert
huehnerhose committed Jul 26, 2022
1 parent a06d6d5 commit 94210d0
Showing 10 changed files with 115 additions and 103 deletions.
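--- a/anchor-cert.tf
+++ b/anchor-cert.tf
@@ -58,7 +58,7 @@ resource "tls_locally_signed_cert" "issuer_cert" {
 ca_private_key_pem = var.external_trustanchor ? var.trustanchor_key.private_key_pem : tls_private_key.trustanchor_key[0].private_key_pem
 ca_cert_pem = var.external_trustanchor ? var.trustanchor_cert.cert_pem : tls_self_signed_cert.trustanchor_cert[0].cert_pem
 validity_period_hours = 8760
-is_ca_certificate = true
+is_ca_certificate = false
 
 allowed_uses = [
 "crl_signing",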
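Review bot: Setting `is_ca_certificate = false` on `issuer_cert` looks like it breaks the role this certificate plays: linkerd.tf passes it as `identity.issuer.tls.crtPEM`, and the Linkerd identity controller uses that certificate and key to sign workload certificates, which needs the CA basic constraint. A leaf issuer would presumably either be rejected by the control plane or yield workload certificates that peers cannot chain to the trust anchor, so mesh mTLS would fail. The block also still requests `crl_signing` in `allowed_uses`, a CA-style key usage that no longer fits a non-CA certificate. I would keep `is_ca_certificate = true` and add a comment such as `# intermediate CA: signs proxy identity certificates, must stay a CA`. The resource body starts and ends outside this hunk.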
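--- a/install.tf
+++ b/linkerd-multicluster.tf
@@ -1,70 +1,3 @@
-locals {
-values = var.enable_linkerd_ha == true ? "values-ha.yaml" : "values.yaml"
-}
-
-resource "helm_release" "linkerd" {
-name = "linkerd"
-repository = "https://helm.linkerd.io/stable"
-chart = "linkerd2"
-values = [
-file("${path.module}/${local.values}"),
-var.helm_values_linkerd
-]
-
-set {
-name = "clusterDomain"
-value = var.cluster_dns_name
-}
-
-set_sensitive {
-name = "identityTrustAnchorsPEM"
-value = var.external_trustanchor ? var.trustanchor_cert.cert_pem : tls_self_signed_cert.trustanchor_cert[0].cert_pem
-}
-
-set_sensitive {
-name = "identity.issuer.crtExpiry"
-value = tls_locally_signed_cert.issuer_cert.validity_end_time
-}
-
-set_sensitive {
-name = "identity.issuer.tls.crtPEM"
-value = tls_locally_signed_cert.issuer_cert.cert_pem
-}
-
-set_sensitive {
-name = "identity.issuer.tls.keyPEM"
-value = tls_private_key.issuer_key.private_key_pem
-}
-}
-resource "helm_release" "linkerd-viz" {
-count = var.enable_linkerd_viz == true ? 1 : 0
-
-name = "linkerd-viz"
-repository = "https://helm.linkerd.io/stable"
-chart = "linkerd-viz"
-values = [
-var.helm_values_linkerd_viz
-]
-depends_on = [
-helm_release.linkerd
-]
-
-set {
-name = "clusterDomain"
-value = var.cluster_dns_name
-}
-
-set {
-name = "prometheus.enabled"
-value = var.external_prometheus_url == "" ? true : false
-}
-
-set {
-name = "prometheusUrl"
-value = var.external_prometheus_url
-}
-}
-
 resource "helm_release" "linkerd-multicluster" {
 count = var.enable_linkerd_multicluster == true ? 1 : 0
 
@@ -104,7 +37,3 @@ resource "helm_release" "linkerd-multicluster" {
 helm_release.linkerd
 ]
 }
-
-output "linkerd" {
-value = "If in HA-mode, please refer to https://linkerd.io/2.11/features/ha/ and set label on kube-system: config.linkerd.io/admission-webhooks=disabled"
-}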
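--- a/linkerd-viz.tf
+++ b/linkerd-viz.tf
@@ -0,0 +1,33 @@
+resource "helm_release" "linkerd-viz" {
+count = var.enable_linkerd_viz == true ? 1 : 0
+
+name = "linkerd-viz"
+repository = "https://helm.linkerd.io/stable"
+chart = "linkerd-viz"
+values = [
+var.helm_values_linkerd_viz
+]
+depends_on = [
+helm_release.linkerd
+]
+
+set {
+name = "linkerdVersion"
+value = var.linkerd_version
+}
+
+set {
+name = "clusterDomain"
+value = var.cluster_dns_name
+}
+
+set {
+name = "prometheus.enabled"
+value = var.external_prometheus_url == "" ? true : false
+}
+
+set {
+name = "prometheusUrl"
+value = var.external_prometheus_url
+}
+}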
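Review bot: `var.linkerd_version` is read in the new `linkerdVersion` set block, but no hunk in this commit declares a `linkerd_version` variable; unless it already exists in an unchanged part of the module, `terraform validate` will fail on an undeclared input variable (linkerd.tf adds the same reference). Separately, neither `helm_release` pins the chart with a `version` argument, so `linkerdVersion` fixes the image tag while the chart itself follows whatever the stable repository serves at apply time. I would declare the variable with a description and pin the chart, e.g. `version = var.linkerd_viz_chart_version` (a new variable; the name is only a suggestion).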
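--- a/linkerd.tf
+++ b/linkerd.tf
@@ -0,0 +1,49 @@
+locals {
+values = var.enable_linkerd_ha == true ? "values-ha.yaml" : "values.yaml"
+}
+
+resource "helm_release" "linkerd" {
+name = "linkerd"
+repository = "https://helm.linkerd.io/stable"
+chart = "linkerd2"
+values = [
+file("${path.module}/${local.values}"),
+var.helm_values_linkerd
+]
+
+set {
+name = "linkerdVersion"
+value = var.linkerd_version
+}
+
+set {
+name = "clusterDomain"
+value = var.cluster_dns_name
+}
+
+set_sensitive {
+name = "identityTrustAnchorsPEM"
+value = var.external_trustanchor
+? var.trustanchor_cert.cert_pem
+: tls_self_signed_cert.trustanchor_cert[0].cert_pem
+}
+
+set_sensitive {
+name = "identity.issuer.crtExpiry"
+value = tls_locally_signed_cert.issuer_cert.validity_end_time
+}
+
+set_sensitive {
+name = "identity.issuer.tls.crtPEM"
+value = tls_locally_signed_cert.issuer_cert.cert_pem
+}
+
+set_sensitive {
+name = "identity.issuer.tls.keyPEM"
+value = tls_private_key.issuer_key.private_key_pem
+}
+}
+
+output "linkerd" {
+value = "If in HA-mode, please refer to https://linkerd.io/2.11/features/ha/ and set label on kube-system: config.linkerd.io/admission-webhooks=disabled"
+}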
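Review bot: The `identityTrustAnchorsPEM` value is now split so that `?` and `:` each start a new line, and HCL ends an argument's expression at the newline unless it is wrapped in parentheses, so as rendered here this file should fail to parse. Either keep the conditional on one line as it was in install.tf or wrap it, `value = (var.external_trustanchor ? var.trustanchor_cert.cert_pem : tls_self_signed_cert.trustanchor_cert[0].cert_pem)`, with the line breaks inside the parentheses if wanted. A comment next to `identity.issuer.tls.keyPEM` would also help, e.g. `# tls_private_key material is stored in Terraform state; keep the backend encrypted and access-restricted`.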
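--- a/values.yaml
+++ b/values.yaml
@@ -0,0 +1 @@
+# empty placeholder for enabling values-ha inject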
31 changes: 0 additions & 31 deletions variables.tf
@@ -21,41 +21,10 @@ variable "helm_values_linkerd" {
default = ""
}

variable "enable_linkerd_viz" {
description = "install linkerd viz"
type = bool
default = false
}

variable "helm_values_linkerd_viz" {
description = "additional values for linked-viz release"
type = string
default = ""
}

variable "external_prometheus_url" {
description = "disable internal prometheus in favour of external prometheus by supplying prometheus url. See https://linkerd.io/2.11/tasks/external-prometheus/"
type = string
default = ""
}

variable "enable_linkerd_multicluster" {
description = "install linkerd multicluster"
type = bool
default = false
}

variable "external_trustanchor" {
description = "enable the externally supplied trustanchor creation, implies setting trustanchor_* variables!"
default = false
}

variable "trustanchor_key" {
description = "external trustanchor key"
default = false
}

variable "trustanchor_cert" {
description = "external trustanchor cert"
default = false
}
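--- a/variables_cert.tf
+++ b/variables_cert.tf
@@ -0,0 +1,14 @@
+variable "external_trustanchor" {
+description = "enable the externally supplied trustanchor creation, implies setting trustanchor_* variables!"
+default = false
+}
+
+variable "trustanchor_key" {
+description = "external trustanchor key"
+default = false
+}
+
+variable "trustanchor_cert" {
+description = "external trustanchor cert"
+default = false
+}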
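Review bot: `trustanchor_key` carries the trust anchor's private key (anchor-cert.tf reads `var.trustanchor_key.private_key_pem`), yet the variable is declared without `sensitive = true`, so Terraform is not told to redact it in plan and apply output. None of the three variables has a `type`, and the `false` defaults on `trustanchor_key` and `trustanchor_cert` mean that enabling `external_trustanchor` without supplying them only surfaces as an attribute-access error on a bool. I would add `sensitive = true` to `trustanchor_key`, give `external_trustanchor` a `type = bool`, and name the expected attributes (`private_key_pem`, `cert_pem`) in the descriptions.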
Empty file added variables_ha.tf
Empty file.
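--- a/variables_multicluster.tf
+++ b/variables_multicluster.tf
@@ -1,3 +1,9 @@
+variable "enable_linkerd_multicluster" {
+description = "install linkerd multicluster"
+type = bool
+default = false
+}
+
 variable "helm_values_linkerd_multicluster" {
 description = "additional values for linked-multicluster release, it's mandatory - there are values that needs to be set, refer to https://artifacthub.io/packages/helm/linkerd2/linkerd-multicluster?modal=values"
 type = string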
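--- a/variables_viz.tf
+++ b/variables_viz.tf
@@ -0,0 +1,11 @@
+variable "enable_linkerd_viz" {
+description = "install linkerd viz"
+type = bool
+default = false
+}
+
+variable "helm_values_linkerd_viz" {
+description = "additional values for linked-viz release"
+type = string
+default = ""
+}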
