diff --git a/LICENSE b/LICENSE index ec954b7..0a9a449 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Michele Adduci +Copyright (c) 2025 Michele Adduci Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/examples/kind-with-cilium/README.md b/examples/kind-with-cilium/README.md new file mode 100644 index 0000000..38bcefb --- /dev/null +++ b/examples/kind-with-cilium/README.md @@ -0,0 +1,43 @@ +# kind-with-cilium + +This example shows how a KIND (Kubernetes-in-Docker) Cluster, configured with Cilium, can be created with easy steps. + +## Requirements + +The following tools are required for this project: + +* `docker` (up and running) +* `terraform` (1.6+) / `opentofu` (1.6+) +* `helm` (3.0+) +* `kind` (0.22.0+) + +## How to run the example + +In a Terminal, type the following commands to initialize the Terraform/OpenTofu Workspace and create the cluster: + +```sh +export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu +$TF_BIN init +$TF_BIN plan +$TF_BIN apply +``` + +After the completion of the above described commands, if no error has been returned, you should see that 2 Containers are running: + +* the Kubernetes Control Plane +* two Worker Nodes + +Additionally, a new file, `kubeconfig`, will be placed in this folder, giving you the possibility to authenticate yourself against the cluster and inspect it with your favorite tool (e.g. k9s, headlamp, Lens). + +At this point you can also use the `cilium-cli` command line tool to verify that the cluster is working with Cilium successfully. + +## How to destroy the cluster + +In a Terminal, you can simply run: + +```sh +export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu +$TF_BIN destroy +``` + +and all the resources will be deleted. \ No newline at end of file 
diff --git a/examples/kind-with-cilium/providers.tf b/examples/kind-with-cilium/providers.tf index 5bf3fad..190f22c 100644 --- a/examples/kind-with-cilium/providers.tf +++ b/examples/kind-with-cilium/providers.tf @@ -6,11 +6,11 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.16.1" + version = "2.17.0" } kubernetes = { source = "hashicorp/kubernetes" - version = "2.34.0" + version = "2.35.1" } } } diff --git a/examples/kind-with-istio/README.md b/examples/kind-with-istio/README.md new file mode 100644 index 0000000..9b0a449 --- /dev/null +++ b/examples/kind-with-istio/README.md 
@@ -0,0 +1,55 @@ +# kind-with-istio + +This example shows how a KIND (Kubernetes-in-Docker) Cluster, configured with Istio, can be created with easy steps. + +Additionally, the example will deploy a Workload example taken directly from the [Istio Repository](https://github.com/istio/istio), showing the usage of VirtualService and DestinationRule custom resources + +The Istio Gateway will map the port 80 and expose the Service through it. If you want to use the HTTPS port, you need to customise the `example.yaml` file and also register a valid key pair to be used for the TLS communication. + +## Requirements + +The following tools are required for this project: + +* `docker` (up and running) +* `terraform` (1.6+) / `opentofu` (1.6+) +* `helm` (3.0+) +* `kind` (0.22.0+) + +## How to run the example + +In a Terminal, type the following commands to initialize the Terraform/OpenTofu Workspace and create the cluster: + +```sh +export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu +$TF_BIN init +$TF_BIN plan +$TF_BIN apply +``` + +After the completion of the above described commands, if no error has been returned, you should see that 2 Containers are running: + +* the Kubernetes Control Plane +* two Worker Nodes + +Additionally, a new file, `kubeconfig`, will be placed in this folder, giving you the possibility to authenticate yourself against the cluster and inspect it with your favorite tool (e.g. k9s, headlamp, Lens). + +You can now access the example Service at the following address: + +`http://localhost/hello` + +You should see the message: + +`Hello version: v2, instance: helloworld-v2-` + +At this point you can also use the `istioctl` command line tool to verify that the cluster is working with Istio successfully. 
+ +## How to destroy the cluster + +In a Terminal, you can simply run: + +```sh +export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu +$TF_BIN destroy +``` + +and all the resources will be deleted. \ No newline at end of file diff --git a/examples/kind-with-istio/providers.tf b/examples/kind-with-istio/providers.tf index 293eb33..bc93513 100644 --- a/examples/kind-with-istio/providers.tf +++ b/examples/kind-with-istio/providers.tf @@ -6,11 +6,11 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.16.1" + version = "2.17.0" } kubernetes = { source = "hashicorp/kubernetes" - version = "2.34.0" + version = "2.35.1" } null = { source = "hashicorp/null" diff --git a/examples/kind-with-nginx/README.md b/examples/kind-with-nginx/README.md new file mode 100644 index 0000000..abcc85c --- /dev/null +++ b/examples/kind-with-nginx/README.md 
@@ -0,0 +1,49 @@ +# kind-with-nginx + +This example shows how a KIND (Kubernetes-in-Docker) Cluster, running with an NGINX Ingress Controller, can be created with easy steps. + +Additionally, the example will deploy a demo Workload in form of a Nextcloud Pod, deployed using its [official Helm Chart](https://github.com/nextcloud/helm). + +The Ingress Controller will map the ports 80 and 443 on the host and expose the Service through it. + +## Requirements + +The following tools are required for this project: + +* `docker` (up and running) +* `terraform` (1.6+) / `opentofu` (1.6+) +* `helm` (3.0+) +* `kind` (0.22.0+) + +## How to run the example + +In a Terminal, type the following commands to initialize the Terraform/OpenTofu Workspace and create the cluster: + +```sh +export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu +$TF_BIN init +$TF_BIN plan +$TF_BIN apply +``` + +After the completion of the above described commands, if no error has been returned, you should see that 2 Containers are running: + +* the Kubernetes Control Plane +* a Worker Node where the Workload (Nextcloud) is deployed + +Additionally, a new file, `kubeconfig`, will be placed in this folder, giving you the possibility to authenticate yourself against the cluster and inspect it with your favorite tool (e.g. k9s, headlamp, Lens). + +You can now access Nextcloud at the following address: + +`https://localhost/` + +## How to destroy the cluster + +In a Terminal, you can simply run: + +```sh +export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu +$TF_BIN destroy +``` + +and all the resources will be deleted. \ No newline at end of file diff --git a/examples/kind-with-nginx/main.tf b/examples/kind-with-nginx/main.tf index bf0c829..1dbbf8d 100644 --- a/examples/kind-with-nginx/main.tf +++ b/examples/kind-with-nginx/main.tf 
@@ -1,7 +1,7 @@ module "kind" { source = "../../modules/kind-cluster" cluster_name = "local-cluster" - worker_nodes = 2 + worker_nodes = 1 kubeconfig_save_path = "./kubeconfig" } diff --git a/examples/kind-with-nginx/providers.tf b/examples/kind-with-nginx/providers.tf index b92e61d..cdd4bc8 100644 --- a/examples/kind-with-nginx/providers.tf +++ b/examples/kind-with-nginx/providers.tf @@ -6,12 +6,12 @@ terraform { } helm = { source = "hashicorp/helm" - version = "2.16.1" + version = "2.17.0" } kubernetes = { source = "hashicorp/kubernetes" - version = "2.34.0" + version = "2.35.1" } } } diff --git a/examples/kind-with-nginx/workload.tf b/examples/kind-with-nginx/workload.tf index 4f506db..17bd5f7 100644 --- a/examples/kind-with-nginx/workload.tf +++ b/examples/kind-with-nginx/workload.tf @@ -13,7 +13,7 @@ resource "helm_release" "nextcloud" { name = "nextcloud" chart = "nextcloud" repository = "https://nextcloud.github.io/helm/" - version = "6.2.4" + version = "6.6.2" namespace = kubernetes_namespace_v1.workshop.metadata[0].name lint = true atomic = true diff --git a/modules/cilium-mesh/LICENSE b/modules/cilium-mesh/LICENSE index ec954b7..0a9a449 100644 --- a/modules/cilium-mesh/LICENSE +++ b/modules/cilium-mesh/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Michele Adduci +Copyright (c) 2025 Michele Adduci Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/modules/cilium-mesh/README.md b/modules/cilium-mesh/README.md index 2506006..e88d68b 100644 --- a/modules/cilium-mesh/README.md +++ b/modules/cilium-mesh/README.md @@ -10,7 +10,7 @@ Clone this repository and set the path to this module in your Project. module "cilium" { source = "path/to/this/module" - helm_version = "1.24.1" + helm_version = "1.16.5" } ´´´ 
@@ -34,26 +34,22 @@ No modules. | Name | Type | |------|------| -| [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_cni](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_egressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace_v1.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource | -| [kubernetes_service_v1.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service_v1) | data source | +| [helm_release.cilium](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_service_v1.cilium_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service_v1) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://istio-release.storage.googleapis.com/charts"` | no | -| [helm\_version](#input\_helm\_version) | The version of the Istio Helm Chart to be installed | `string` | `"1.24.1"` | no | -| [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"istio-system"` | no | +| [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://helm.cilium.io/"` | no | +| [helm\_version](#input\_helm\_version) | The version of the 
Cilium Helm Chart to be installed | `string` | `"1.16.5"` | no | +| [node\_port\_http](#input\_node\_port\_http) | The NodePort for HTTP traffic | `number` | `30000` | no | +| [node\_port\_https](#input\_node\_port\_https) | The NodePort for HTTPS traffic | `number` | `30001` | no | ## Outputs | Name | Description | |------|-------------| -| [istio\_http\_port](#output\_istio\_http\_port) | The Istio HTTP port | -| [istio\_https\_port](#output\_istio\_https\_port) | The Istio HTTPS port | +| [cilium\_http\_port](#output\_cilium\_http\_port) | The Cilium HTTP port | +| [cilium\_https\_port](#output\_cilium\_https\_port) | The Cilium HTTPS port | \ No newline at end of file diff --git a/modules/cilium-mesh/variables.tf b/modules/cilium-mesh/variables.tf index f59fabd..ac9c18f 100644 --- a/modules/cilium-mesh/variables.tf +++ b/modules/cilium-mesh/variables.tf @@ -1,7 +1,7 @@ variable "helm_version" { description = "The version of the Cilium Helm Chart to be installed" type = string - default = "1.16.4" + default = "1.16.5" validation { condition = can(regex("^[0-9]+.[0-9]+.[0-9]+$", var.helm_version)) error_message = "The Helm version must be in the format x.y.z" diff --git a/modules/istio-mesh/README.md b/modules/istio-mesh/README.md index 4d86a06..f3ef7fd 100644 --- a/modules/istio-mesh/README.md +++ b/modules/istio-mesh/README.md @@ -10,7 +10,7 @@ Clone this repository and set the path to this module in your Project. module "istio" { source = "path/to/this/module" - helm_version = "1.24.1" + helm_version = "1.24.2" } ´´´ 
@@ -46,9 +46,16 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [external\_ip](#input\_external\_ip) | The external IP of the ingress gateway, only single IP is supported | `string` | `""` | no | | [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://istio-release.storage.googleapis.com/charts"` | no | -| [helm\_version](#input\_helm\_version) | The version of the Istio Helm Chart to be installed | `string` | `"1.24.1"` | no | +| [helm\_version](#input\_helm\_version) | The version of the Istio Helm Chart to be installed | `string` | `"1.24.2"` | no | +| [ingress\_annotations](#input\_ingress\_annotations) | The annotations to be used for the ingress gateway |
list(object({
name = string
value = string
}))
| `[]` | no | +| [local\_node\_ports\_istio](#input\_local\_node\_ports\_istio) | Defines the node ports to use with the local cluster (kind) |
list(object({
port = number
targetPort = number
name = string
protocol = string
nodePort = string
}))
|
[
{
"name": "status-port",
"nodePort": 30002,
"port": 15021,
"protocol": "TCP",
"targetPort": 15021
},
{
"name": "http2",
"nodePort": 30000,
"port": 80,
"protocol": "TCP",
"targetPort": 80
},
{
"name": "https",
"nodePort": 30001,
"port": 443,
"protocol": "TCP",
"targetPort": 443
}
]
| no | | [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"istio-system"` | no | +| [replica\_count](#input\_replica\_count) | The number of replicas that have to be configured for the services | `number` | `3` | no | +| [trace\_sampling](#input\_trace\_sampling) | The sampling rate option can be used to control what percentage of requests get reported to your tracing system. (https://istio.io/latest/docs/tasks/observability/distributed-tracing/mesh-and-proxy-config/#customizing-trace-sampling) | `string` | `"1.0"` | no | +| [tracer\_address](#input\_tracer\_address) | Address of the tracer to be used | `string` | `""` | no | +| [tracer\_type](#input\_tracer\_type) | The type of tracer to be used | `string` | `"none"` | no | ## Outputs diff --git a/modules/istio-mesh/variables.tf b/modules/istio-mesh/variables.tf index 5c8e425..6db9ae8 100644 --- a/modules/istio-mesh/variables.tf +++ b/modules/istio-mesh/variables.tf @@ -11,7 +11,7 @@ variable "namespace" { variable "helm_version" { description = "The version of the Istio Helm Chart to be installed" type = string - default = "1.24.1" + default = "1.24.2" validation { condition = can(regex("^[0-9]+.[0-9]+.[0-9]+$", var.helm_version)) error_message = "The Helm version must be in the format x.y.z" diff --git a/modules/kind-cluster/LICENSE b/modules/kind-cluster/LICENSE index ec954b7..0a9a449 100644 --- a/modules/kind-cluster/LICENSE +++ b/modules/kind-cluster/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Michele Adduci +Copyright (c) 2025 Michele Adduci Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/modules/kind-cluster/README.md b/modules/kind-cluster/README.md index d853096..098f080 100644 --- a/modules/kind-cluster/README.md +++ b/modules/kind-cluster/README.md 
@@ -9,8 +9,8 @@ Clone this repository and set the path to this module in your Project. ´´´hcl module "kind" { source = "path/to/this/module" - - kubernetes_version = "1.31.2" + + kubernetes_version = "1.31.4" cluster_name = "my_local_cluster" worker_nodes = 2 # Create two worker nodes kubeconfig_save_path = "./kubeconfig" 
@@ -44,13 +44,21 @@ No modules. |------|-------------|------|---------|:--------:| | [cluster\_name](#input\_cluster\_name) | Defines the name of the cluster | `string` | `"local-cluster"` | no | | [kubeconfig\_save\_path](#input\_kubeconfig\_save\_path) | Defines the path to save the kubeconfig file | `string` | `"kubeconfig"` | no | -| [kubernetes\_version](#input\_kubernetes\_version) | Defines the kubernetes version to be used | `string` | `"v1.31.2"` | no | -| [worker\_nodes](#input\_worker\_nodes) | Defines the number of worker nodes to be created | `number` | `3` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | Defines the kubernetes version to be used | `string` | `"v1.31.4"` | no | +| [worker\_nodes](#input\_worker\_nodes) | Defines the number of worker nodes to be created | `number` | `1` | no | ## Outputs | Name | Description | |------|-------------| -| [cluster\_endpoint](#output\_cluster\_endpoint) | The endpoint of the created kind cluster | +| [client\_certificate](#output\_client\_certificate) | The client certificate for the kubeconfig | +| [client\_key](#output\_client\_key) | The client key for the kubeconfig | +| [cluster\_ca\_certificate](#output\_cluster\_ca\_certificate) | The cluster CA certificate for the kubeconfig | +| [container\_port\_http](#output\_container\_port\_http) | The Container Port that is mapping the HTTP Port 80 on the host | +| [container\_port\_https](#output\_container\_port\_https) | The Container Port that is mapping the HTTPS Port 443 on the host | +| [container\_port\_istioctl](#output\_container\_port\_istioctl) | The Container Port that is mapping the Istioctl Port 15021 on the host | +| [endpoint](#output\_endpoint) | The endpoint of the created cluster | +| [http\_container\_port](#output\_http\_container\_port) | The Container Port that is mapping the Ciliumctl Port 9876 on the host | | [kubeconfig\_path](#output\_kubeconfig\_path) | Path to the kubeconfig file | +| [name](#output\_name) | The name 
of the created cluster | \ No newline at end of file diff --git a/modules/kind-cluster/variables.tf b/modules/kind-cluster/variables.tf index 292f1a1..98111a4 100644 --- a/modules/kind-cluster/variables.tf +++ b/modules/kind-cluster/variables.tf @@ -20,7 +20,7 @@ variable "cluster_name" { variable "worker_nodes" { type = number - default = 3 + default = 1 description = "Defines the number of worker nodes to be created" validation { condition = var.worker_nodes > 0 diff --git a/modules/nginx-ingress/LICENSE b/modules/nginx-ingress/LICENSE index ec954b7..0a9a449 100644 --- a/modules/nginx-ingress/LICENSE +++ b/modules/nginx-ingress/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Michele Adduci +Copyright (c) 2025 Michele Adduci Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/modules/nginx-ingress/README.md b/modules/nginx-ingress/README.md index ec34e4e..f860756 100644 --- a/modules/nginx-ingress/README.md +++ b/modules/nginx-ingress/README.md 
@@ -58,7 +58,11 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [ingress\_nginx\_sha256\_digest](#input\_ingress\_nginx\_sha256\_digest) | The sha256 digest of the NGINX Ingress to be installed | `string` | `"d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7"` | no | | [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | The version of the NGINX Ingress to be installed | `string` | `"1.11.3"` | no | +| [ingress\_webhook\_certgen\_sha256\_digest](#input\_ingress\_webhook\_certgen\_sha256\_digest) | The sha256 digest of the NGINX Webhook Certificate generator to be installed | `string` | `"a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f"` | no | +| [ingress\_webhook\_certgen\_version](#input\_ingress\_webhook\_certgen\_version) | The version of the NGINX Webhook Certificate generator to be installed | `string` | `"1.4.4"` | no | +| [local\_node\_ports](#input\_local\_node\_ports) | Defines the node ports to use with the local cluster (kind) |
list(object({
app_protocol = string
name = string
target_port = string
protocol = string
port = number
node_port = number
}))
|
[
{
"app_protocol": "http",
"name": "http",
"node_port": 30000,
"port": 80,
"protocol": "TCP",
"target_port": "http"
},
{
"app_protocol": "https",
"name": "https",
"node_port": 30001,
"port": 443,
"protocol": "TCP",
"target_port": "https"
}
]
| no | | [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"ingress-nginx"` | no | ## Outputs
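
Review bot: In examples/kind-with-cilium/README.md, the post-apply paragraph says "2 Containers are running" but the list under it names the Kubernetes Control Plane and "two Worker Nodes", which adds up to three containers. Either change the count to 3 or state the actual number of workers this example creates. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the file is new.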
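
Review bot: In examples/kind-with-istio/README.md, the expected response is written as `Hello version: v2, instance: helloworld-v2-` and stops at the hyphen, so a reader cannot tell whether the output is cut off or a pod suffix follows. A placeholder such as `helloworld-v2-<pod-suffix>` would make that explicit. The same README repeats the "2 Containers" count above a list of a control plane plus "two Worker Nodes", and the sentence ending in "custom resources" is missing its full stop. Since the gateway is documented as HTTP on port 80 only, it would help to say directly that `http://localhost/hello` is unencrypted until `example.yaml` is customised with a key pair.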
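
Review bot: In modules/cilium-mesh/variables.tf, the validation regex in the context lines, `^[0-9]+.[0-9]+.[0-9]+$`, leaves the dots unescaped, so `.` matches any character and a value like `1x16y5` passes the "x.y.z" check. Since this hunk already touches the variable, escape the separators, for example `"^[0-9]+\\.[0-9]+\\.[0-9]+$"`. The `helm_version` validation in modules/istio-mesh/variables.tf uses the same pattern and needs the same fix.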
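
Review bot: In the Inputs table of modules/istio-mesh/README.md, `local_node_ports_istio` declares `nodePort = string` while every default entry supplies a number (`"nodePort": 30002`, `30000`, `30001`), and the nginx-ingress module in this same patch types the equivalent field as `node_port = number`. Declare it as `number` so an out-of-range or non-numeric port is rejected at plan time. The new `tracer_type` (`"none"`) and `trace_sampling` (`"1.0"`) inputs are free-form strings with no allowed values or range documented; a validation block and a note on accepted values would help. `replica_count` defaults to `3` while the kind-cluster module in this patch lowers its default to one worker node, so the README should say how the two interact.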
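
Review bot: In the usage example of modules/kind-cluster/README.md, the updated line sets `kubernetes_version = "1.31.4"` without a prefix, while the Inputs table in the same file documents the default as `"v1.31.4"`. Use one form in both places so a copied example behaves like the default. The example block in the context lines is also opened with `´´´hcl` (acute accents rather than backticks), so it will not render as a code block; the cilium-mesh and istio-mesh READMEs show the same closing `´´´`.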
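
Review bot: In the Outputs table of modules/kind-cluster/README.md, the module now exports `client_key` and `client_certificate` next to `cluster_ca_certificate`. The key is credential material, so its output should be declared with `sensitive = true` to keep it out of plan and apply output, and the README should say that it still lands in the state file. Replacing `cluster_endpoint` with `endpoint` breaks existing callers and deserves a changelog entry or a temporary alias. `http_container_port` is described as mapping "the Ciliumctl Port 9876" yet sits beside `container_port_http`, `container_port_https` and `container_port_istioctl`; rename it to follow the `container_port_*` pattern so the two HTTP-looking outputs are not confused.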
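
Review bot: In the Inputs table of modules/nginx-ingress/README.md, `ingress_nginx_sha256_digest` and `ingress_webhook_certgen_sha256_digest` are independent of `ingress_nginx_version` and `ingress_webhook_certgen_version`, so a caller who overrides only the version keeps the digest of the old image. Pinning by digest is a good supply-chain control, but the descriptions should state that version and digest must be changed together, and the digest variables would benefit from a validation that accepts exactly 64 lowercase hex characters, so a truncated or mistyped value fails at plan time rather than at image pull.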