Linkerd Control Plane with Helm and Terraform
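# State for this stage is kept in a local file. Terraform state is written
# unencrypted and records the attributes of everything this configuration
# manages, including values passed through set_sensitive, so keep ../states
# out of version control and limit who can read it. A shared setup would
# normally use a remote backend with encryption at rest and state locking.
terraform {
  backend "local" {
    path = "../states/linkerd.tfstate"
  }
}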
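# Outputs of the cluster stage, read from its local state file. The
# kubernetes and helm provider blocks take cluster_endpoint and cacert from
# here, so whoever can write this state file decides which API server and CA
# the providers trust.
data "terraform_remote_state" "cluster" {
  backend = "local"

  config = {
    path = "../states/cluster.tfstate"
  }
}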
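# Outputs of the stage whose state is cert_manager.tfstate.
# NOTE(review): nothing in the visible files references this data source;
# confirm it is still needed. Reading a remote state requires read access to
# the whole state file, not only to its outputs.
data "terraform_remote_state" "cm" {
  backend = "local"

  config = {
    path = "../states/cert_manager.tfstate"
  }
}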
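# Outputs of the stage whose state is cm_crds.tfstate. Its `cert` output is
# passed to the Linkerd chart as identityTrustAnchorsPEM, i.e. it becomes the
# root of trust for mesh identity.
data "terraform_remote_state" "cm_crds" {
  backend = "local"

  config = {
    path = "../states/cm_crds.tfstate"
  }
}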
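# Installs the Linkerd control plane from the stable Helm repository. The
# chart version and linkerdVersion are both pinned to 2.10.2, so an upgrade
# means changing both together.
resource "helm_release" "linkerd" {
  name       = "linkerd"
  namespace  = "linkerd"
  repository = "https://helm.linkerd.io/stable"
  chart      = "linkerd2"
  version    = "2.10.2"

  # A failed install is purged instead of being left half-applied.
  atomic = true

  # path.module keeps the lookup independent of the directory terraform is
  # invoked from.
  values = [
    file("${path.module}/values-ha.yaml")
  ]

  set {
    name  = "linkerdVersion"
    value = "stable-2.10.2"
  }

  # Trust anchor certificate for mesh identity. set_sensitive only hides the
  # value in plan/apply output; it is still written to the state file.
  set_sensitive {
    name  = "identityTrustAnchorsPEM"
    value = data.terraform_remote_state.cm_crds.outputs.cert
  }

  # With the kubernetes.io/tls scheme the issuer certificate and key are read
  # from a TLS secret in the cluster instead of being passed as chart values,
  # so the issuer private key does not pass through this configuration.
  # NOTE(review): presumably an earlier stage (cert-manager) creates that
  # secret - confirm.
  set {
    name  = "identity.issuer.scheme"
    value = "kubernetes.io/tls"
  }

  # The chart does not create the linkerd namespace; it has to exist before
  # this release is applied.
  set {
    name  = "installNamespace"
    value = "false"
  }
}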
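# Installs the linkerd-viz extension (chart 2.10.2) from the stable repository.
# The extension's tap and dashboard components show live traffic metadata, so
# access to them should be limited through Kubernetes RBAC.
# NOTE(review): `namespace` is where Helm stores the release record; confirm
# which namespace the chart places its workloads in.
resource "helm_release" "linkerd_viz" {
  name       = "linkerd-viz"
  namespace  = "linkerd"
  repository = "https://helm.linkerd.io/stable"
  chart      = "linkerd-viz"
  version    = "2.10.2"

  # The extension needs a running control plane. Without an explicit
  # dependency Terraform is free to apply both releases in parallel.
  depends_on = [helm_release.linkerd]

  set {
    name  = "linkerdVersion"
    value = "stable-2.10.2"
  }
}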
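# Minimum Terraform version for this file. The versions file of this
# configuration additionally requires ">= 1"; every constraint has to hold,
# so the stricter one is what applies in practice.
terraform {
  required_version = ">= 0.12.13"
}

# No arguments are set here, so project, region and credentials are taken
# from the environment Terraform runs in.
provider "google" {}

# Exposes the access token of the identity running Terraform. It is used
# below to authenticate to the cluster API.
# NOTE(review): data source attributes can end up in the state file; treat
# the local state as a secret.
data "google_client_config" "default" {}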
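# Connects to the cluster API over HTTPS, verifies the server against the
# cluster CA read from the cluster stage's state, and authenticates with the
# Google access token of whoever runs Terraform.
provider "kubernetes" {
  host                   = "https://${data.terraform_remote_state.cluster.outputs.cluster_endpoint}"
  token                  = data.google_client_config.default.access_token
  cluster_ca_certificate = base64decode(data.terraform_remote_state.cluster.outputs.cacert)
}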
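# Helm talks to the same cluster with the same settings as the kubernetes
# provider: HTTPS endpoint, CA pinned from the cluster stage's state, and the
# caller's Google access token. The three values must stay in sync with the
# kubernetes provider block.
provider "helm" {
  kubernetes {
    host                   = "https://${data.terraform_remote_state.cluster.outputs.cluster_endpoint}"
    token                  = data.google_client_config.default.access_token
    cluster_ca_certificate = base64decode(data.terraform_remote_state.cluster.outputs.cacert)
  }
}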
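# This values.yaml file contains the values needed to enable HA mode.
# Usage:
#   helm install -f values.yaml -f values-ha.yaml
#
# NOTE(review): the keys nested under `global:` and the grafana, prometheus,
# tap and web entries look like the values-ha.yaml layout of Linkerd releases
# before 2.10, while the helm_release that loads this file pins chart 2.10.2.
# Helm does not reject values a chart never reads, so confirm each key
# against the pinned chart's own values-ha.yaml; otherwise some of these
# limits may silently not apply.

# Spread control plane replicas across nodes.
enablePodAntiAffinity: true

global:
  # proxy configuration
  proxy:
    resources:
      cpu:
        limit: "1"
        request: 100m
      memory:
        limit: 250Mi
        request: 20Mi

# controller configuration
controllerReplicas: 3
# The anchors below are reused by the other components through aliases, so a
# change here changes every component that references them.
controllerResources: &controller_resources
  cpu: &controller_resources_cpu
    limit: "1"
    request: 100m
  memory:
    limit: 250Mi
    request: 50Mi
destinationResources: *controller_resources
publicAPIResources: *controller_resources

# identity configuration
identityResources:
  cpu: *controller_resources_cpu
  memory:
    limit: 250Mi
    request: 10Mi

# grafana configuration
grafana:
  resources:
    cpu: *controller_resources_cpu
    memory:
      limit: 1024Mi
      request: 50Mi

# heartbeat configuration
heartbeatResources: *controller_resources

# prometheus configuration
prometheusResources:
  cpu:
    limit: "1"
    request: 300m
  memory:
    limit: 4096Mi
    request: 300Mi

# proxy injector configuration
proxyInjectorResources: *controller_resources
# Fail makes the API server reject pod creation when the proxy-injector
# webhook cannot be reached, instead of admitting pods without a proxy. That
# prevents unmeshed workloads from starting unnoticed, but Linkerd's HA
# guidance is to exclude kube-system from the webhook (namespace label
# config.linkerd.io/admission-webhooks=disabled) so system pods can still be
# scheduled while the injector is down.
webhookFailurePolicy: Fail

# service profile validator configuration
spValidatorResources: *controller_resources

# tap configuration
tapResources: *controller_resources

# web configuration
webResources: *controller_resources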
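# Provider and Terraform version requirements for this configuration.
terraform {
  # Exact pins keep runs repeatable, but a version number alone does not
  # verify what gets downloaded. The dependency lock file
  # (.terraform.lock.hcl) records provider checksums; commit it alongside
  # these pins and review changes to it.
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.85.0"
    }

    helm = {
      source  = "hashicorp/helm"
      version = "2.3.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.5.0"
    }
  }

  # The providers file of this configuration also sets ">= 0.12.13"; both
  # constraints must hold, so this one is the effective minimum.
  required_version = ">= 1"
}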