madduci · madduci · Jan 10, 2025 · Jan 10, 2025 · Jan 10, 2025
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Michele Adduci
+Copyright (c) 2025 Michele Adduci
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/examples/kind-with-cilium/README.md b/examples/kind-with-cilium/README.md
@@ -0,0 +1,43 @@
+# kind-with-cilium
+
+This example shows how a KIND (Kubernetes-in-Docker) Cluster, configured with Cilium, can be created with easy steps.
+
+## Requirements
+
+The following tools are required for this project:
+
+* `docker` (up and running)
+* `terraform` (1.6+) / `opentofu` (1.6+)
+* `helm` (3.0+)
+* `kind` (0.22.0+)
+
+## How to run the example
+
+In a Terminal, type the following commands to initialize the Terraform/OpenTofu Workspace and create the cluster:
+
+```sh
+export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu
+$TF_BIN init
+$TF_BIN plan
+$TF_BIN apply
+```
+
+After the completion of the above described commands, if no error has been returned, you should see that 2 Containers are running: 
+
+* the Kubernetes Control Plane
+* two Worker Nodes
+
+Additionally, a new file, `kubeconfig`, will be placed in this folder, giving you the possibility to authenticate yourself against the cluster and inspect it with your favorite tool (e.g. k9s, headlamp, Lens).
+
+At this point you can also use the `cilium-cli` command line tool to verify that the cluster is working with Cilium successfully.
+
+## How to destroy the cluster
+
+In a Terminal, you can simply run:
+
+```sh
+export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu
+$TF_BIN destroy
+```
+
+and all the resources will be deleted.
diff --git a/examples/kind-with-cilium/providers.tf b/examples/kind-with-cilium/providers.tf
@@ -6,11 +6,11 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = "2.16.1"
+      version = "2.17.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.34.0"
+      version = "2.35.1"
     }
   }
 }

diff --git a/examples/kind-with-istio/README.md b/examples/kind-with-istio/README.md
@@ -0,0 +1,55 @@
+# kind-with-istio
+
+This example shows how a KIND (Kubernetes-in-Docker) Cluster, configured with Istio, can be created with easy steps.
+
+Additionally, the example will deploy a Workload example taken directly from the [Istio Repository](https://github.com/istio/istio), showing the usage of VirtualService and DestinationRule custom resources
+
+The Istio Gateway will map the port 80 and expose the Service through it. If you want to use the HTTPS port, you need to customise the `example.yaml` file and also register a valid key pair to be used for the TLS communication.
+
+## Requirements
+
+The following tools are required for this project:
+
+* `docker` (up and running)
+* `terraform` (1.6+) / `opentofu` (1.6+)
+* `helm` (3.0+)
+* `kind` (0.22.0+)
+
+## How to run the example
+
+In a Terminal, type the following commands to initialize the Terraform/OpenTofu Workspace and create the cluster:
+
+```sh
+export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu
+$TF_BIN init
+$TF_BIN plan
+$TF_BIN apply
+```
+
+After the completion of the above described commands, if no error has been returned, you should see that 2 Containers are running: 
+
+* the Kubernetes Control Plane
+* two Worker Nodes
+
+Additionally, a new file, `kubeconfig`, will be placed in this folder, giving you the possibility to authenticate yourself against the cluster and inspect it with your favorite tool (e.g. k9s, headlamp, Lens).
+
+You can now access the example Service at the following address:
+
+`http://localhost/hello`
+
+You should see the message:
+
+`Hello version: v2, instance: helloworld-v2-<unique-id>`
+
+At this point you can also use the `istioctl` command line tool to verify that the cluster is working with Istio successfully.
+
+## How to destroy the cluster
+
+In a Terminal, you can simply run:
+
+```sh
+export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu
+$TF_BIN destroy
+```
+
+and all the resources will be deleted.
diff --git a/examples/kind-with-istio/providers.tf b/examples/kind-with-istio/providers.tf
@@ -6,11 +6,11 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = "2.16.1"
+      version = "2.17.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.34.0"
+      version = "2.35.1"
     }
     null = {
       source  = "hashicorp/null"

diff --git a/examples/kind-with-nginx/README.md b/examples/kind-with-nginx/README.md
@@ -0,0 +1,49 @@
+# kind-with-nginx
+
+This example shows how a KIND (Kubernetes-in-Docker) Cluster, running with an NGINX Ingress Controller, can be created with easy steps.
+
+Additionally, the example will deploy a demo Workload in form of a Nextcloud Pod, deployed using its [official Helm Chart](https://github.com/nextcloud/helm).
+
+The Ingress Controller will map the ports 80 and 443 on the host and expose the Service through it.
+
+## Requirements
+
+The following tools are required for this project:
+
+* `docker` (up and running)
+* `terraform` (1.6+) / `opentofu` (1.6+)
+* `helm` (3.0+)
+* `kind` (0.22.0+)
+
+## How to run the example
+
+In a Terminal, type the following commands to initialize the Terraform/OpenTofu Workspace and create the cluster:
+
+```sh
+export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu
+$TF_BIN init
+$TF_BIN plan
+$TF_BIN apply
+```
+
+After the completion of the above described commands, if no error has been returned, you should see that 2 Containers are running: 
+
+* the Kubernetes Control Plane
+* a Worker Node where the Workload (Nextcloud) is deployed
+
+Additionally, a new file, `kubeconfig`, will be placed in this folder, giving you the possibility to authenticate yourself against the cluster and inspect it with your favorite tool (e.g. k9s, headlamp, Lens).
+
+You can now access Nextcloud at the following address:
+
+`https://localhost/`
+
+## How to destroy the cluster
+
+In a Terminal, you can simply run:
+
+```sh
+export TF_BIN=tofu # change to `terraform` if you want to use Terraform instead of OpenTofu
+$TF_BIN destroy
+```
+
+and all the resources will be deleted.
diff --git a/examples/kind-with-nginx/main.tf b/examples/kind-with-nginx/main.tf
@@ -1,7 +1,7 @@
 module "kind" {
   source               = "../../modules/kind-cluster"
   cluster_name         = "local-cluster"
-  worker_nodes         = 2
+  worker_nodes         = 1
   kubeconfig_save_path = "./kubeconfig"
 }
 

diff --git a/examples/kind-with-nginx/providers.tf b/examples/kind-with-nginx/providers.tf
@@ -6,12 +6,12 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = "2.16.1"
+      version = "2.17.0"
     }
 
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.34.0"
+      version = "2.35.1"
     }
   }
 }

diff --git a/examples/kind-with-nginx/workload.tf b/examples/kind-with-nginx/workload.tf
@@ -13,7 +13,7 @@ resource "helm_release" "nextcloud" {
   name       = "nextcloud"
   chart      = "nextcloud"
   repository = "https://nextcloud.github.io/helm/"
-  version    = "6.2.4"
+  version    = "6.6.2"
   namespace  = kubernetes_namespace_v1.workshop.metadata[0].name
   lint       = true
   atomic     = true

diff --git a/modules/cilium-mesh/LICENSE b/modules/cilium-mesh/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Michele Adduci
+Copyright (c) 2025 Michele Adduci
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/modules/cilium-mesh/README.md b/modules/cilium-mesh/README.md
@@ -10,7 +10,7 @@ Clone this repository and set the path to this module in your Project.
 module "cilium" {
     source = "path/to/this/module"
 
-    helm_version = "1.24.1"
+    helm_version = "1.16.5"
 }
 ´´´
 
@@ -34,26 +34,22 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio_cni](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio_egressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_namespace_v1.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
-| [kubernetes_service_v1.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service_v1) | data source |
+| [helm_release.cilium](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_service_v1.cilium_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service_v1) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_helm_repository"></a> [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://istio-release.storage.googleapis.com/charts"` | no |
-| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the Istio Helm Chart to be installed | `string` | `"1.24.1"` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"istio-system"` | no |
+| <a name="input_helm_repository"></a> [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://helm.cilium.io/"` | no |
+| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the Cilium Helm Chart to be installed | `string` | `"1.16.5"` | no |
+| <a name="input_node_port_http"></a> [node\_port\_http](#input\_node\_port\_http) | The NodePort for HTTP traffic | `number` | `30000` | no |
+| <a name="input_node_port_https"></a> [node\_port\_https](#input\_node\_port\_https) | The NodePort for HTTPS traffic | `number` | `30001` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_istio_http_port"></a> [istio\_http\_port](#output\_istio\_http\_port) | The Istio HTTP port |
-| <a name="output_istio_https_port"></a> [istio\_https\_port](#output\_istio\_https\_port) | The Istio HTTPS port |
+| <a name="output_cilium_http_port"></a> [cilium\_http\_port](#output\_cilium\_http\_port) | The Cilium HTTP port |
+| <a name="output_cilium_https_port"></a> [cilium\_https\_port](#output\_cilium\_https\_port) | The Cilium HTTPS port |
 <!-- END_TF_DOCS -->
diff --git a/modules/cilium-mesh/variables.tf b/modules/cilium-mesh/variables.tf
@@ -1,7 +1,7 @@
 variable "helm_version" {
   description = "The version of the Cilium Helm Chart to be installed"
   type        = string
-  default     = "1.16.4"
+  default     = "1.16.5"
   validation {
     condition     = can(regex("^[0-9]+.[0-9]+.[0-9]+$", var.helm_version))
     error_message = "The Helm version must be in the format x.y.z"

diff --git a/modules/istio-mesh/README.md b/modules/istio-mesh/README.md
@@ -10,7 +10,7 @@ Clone this repository and set the path to this module in your Project.
 module "istio" {
     source = "path/to/this/module"
 
-    helm_version = "1.24.1"
+    helm_version = "1.24.2"
 }
 ´´´
 
@@ -46,9 +46,16 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_external_ip"></a> [external\_ip](#input\_external\_ip) | The external IP of the ingress gateway, only single IP is supported | `string` | `""` | no |
 | <a name="input_helm_repository"></a> [helm\_repository](#input\_helm\_repository) | Helm Chart Repository URL | `string` | `"https://istio-release.storage.googleapis.com/charts"` | no |
-| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the Istio Helm Chart to be installed | `string` | `"1.24.1"` | no |
+| <a name="input_helm_version"></a> [helm\_version](#input\_helm\_version) | The version of the Istio Helm Chart to be installed | `string` | `"1.24.2"` | no |
+| <a name="input_ingress_annotations"></a> [ingress\_annotations](#input\_ingress\_annotations) | The annotations to be used for the ingress gateway | <pre>list(object({<br/>    name  = string<br/>    value = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_local_node_ports_istio"></a> [local\_node\_ports\_istio](#input\_local\_node\_ports\_istio) | Defines the node ports to use with the local cluster (kind) | <pre>list(object({<br/>    port       = number<br/>    targetPort = number<br/>    name       = string<br/>    protocol   = string<br/>    nodePort   = string<br/>  }))</pre> | <pre>[<br/>  {<br/>    "name": "status-port",<br/>    "nodePort": 30002,<br/>    "port": 15021,<br/>    "protocol": "TCP",<br/>    "targetPort": 15021<br/>  },<br/>  {<br/>    "name": "http2",<br/>    "nodePort": 30000,<br/>    "port": 80,<br/>    "protocol": "TCP",<br/>    "targetPort": 80<br/>  },<br/>  {<br/>    "name": "https",<br/>    "nodePort": 30001,<br/>    "port": 443,<br/>    "protocol": "TCP",<br/>    "targetPort": 443<br/>  }<br/>]</pre> | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"istio-system"` | no |
+| <a name="input_replica_count"></a> [replica\_count](#input\_replica\_count) | The number of replicas that have to be configured for the services | `number` | `3` | no |
+| <a name="input_trace_sampling"></a> [trace\_sampling](#input\_trace\_sampling) | The sampling rate option can be used to control what percentage of requests get reported to your tracing system. (https://istio.io/latest/docs/tasks/observability/distributed-tracing/mesh-and-proxy-config/#customizing-trace-sampling) | `string` | `"1.0"` | no |
+| <a name="input_tracer_address"></a> [tracer\_address](#input\_tracer\_address) | Address of the tracer to be used | `string` | `""` | no |
+| <a name="input_tracer_type"></a> [tracer\_type](#input\_tracer\_type) | The type of tracer to be used | `string` | `"none"` | no |
 
 ## Outputs
 

diff --git a/modules/istio-mesh/variables.tf b/modules/istio-mesh/variables.tf
@@ -11,7 +11,7 @@ variable "namespace" {
 variable "helm_version" {
   description = "The version of the Istio Helm Chart to be installed"
   type        = string
-  default     = "1.24.1"
+  default     = "1.24.2"
   validation {
     condition     = can(regex("^[0-9]+.[0-9]+.[0-9]+$", var.helm_version))
     error_message = "The Helm version must be in the format x.y.z"

diff --git a/modules/kind-cluster/LICENSE b/modules/kind-cluster/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Michele Adduci
+Copyright (c) 2025 Michele Adduci
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/modules/kind-cluster/README.md b/modules/kind-cluster/README.md
@@ -9,8 +9,8 @@ Clone this repository and set the path to this module in your Project.
 ´´´hcl
 module "kind" {
     source = "path/to/this/module"
-
-    kubernetes_version = "1.31.2"
+    
+    kubernetes_version = "1.31.4"
     cluster_name = "my_local_cluster"
     worker_nodes = 2 # Create two worker nodes
     kubeconfig_save_path = "./kubeconfig"
@@ -44,13 +44,21 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Defines the name of the cluster | `string` | `"local-cluster"` | no |
 | <a name="input_kubeconfig_save_path"></a> [kubeconfig\_save\_path](#input\_kubeconfig\_save\_path) | Defines the path to save the kubeconfig file | `string` | `"kubeconfig"` | no |
-| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Defines the kubernetes version to be used | `string` | `"v1.31.2"` | no |
-| <a name="input_worker_nodes"></a> [worker\_nodes](#input\_worker\_nodes) | Defines the number of worker nodes to be created | `number` | `3` | no |
+| <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Defines the kubernetes version to be used | `string` | `"v1.31.4"` | no |
+| <a name="input_worker_nodes"></a> [worker\_nodes](#input\_worker\_nodes) | Defines the number of worker nodes to be created | `number` | `1` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_cluster_endpoint"></a> [cluster\_endpoint](#output\_cluster\_endpoint) | The endpoint of the created kind cluster |
+| <a name="output_client_certificate"></a> [client\_certificate](#output\_client\_certificate) | The client certificate for the kubeconfig |
+| <a name="output_client_key"></a> [client\_key](#output\_client\_key) | The client key for the kubeconfig |
+| <a name="output_cluster_ca_certificate"></a> [cluster\_ca\_certificate](#output\_cluster\_ca\_certificate) | The cluster CA certificate for the kubeconfig |
+| <a name="output_container_port_http"></a> [container\_port\_http](#output\_container\_port\_http) | The Container Port that is mapping the HTTP Port 80 on the host |
+| <a name="output_container_port_https"></a> [container\_port\_https](#output\_container\_port\_https) | The Container Port that is mapping the HTTPS Port 443 on the host |
+| <a name="output_container_port_istioctl"></a> [container\_port\_istioctl](#output\_container\_port\_istioctl) | The Container Port that is mapping the Istioctl Port 15021 on the host |
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | The endpoint of the created cluster |
+| <a name="output_http_container_port"></a> [http\_container\_port](#output\_http\_container\_port) | The Container Port that is mapping the Ciliumctl Port 9876 on the host |
 | <a name="output_kubeconfig_path"></a> [kubeconfig\_path](#output\_kubeconfig\_path) | Path to the kubeconfig file |
+| <a name="output_name"></a> [name](#output\_name) | The name of the created cluster |
 <!-- END_TF_DOCS -->
diff --git a/modules/kind-cluster/variables.tf b/modules/kind-cluster/variables.tf
@@ -20,7 +20,7 @@ variable "cluster_name" {
 
 variable "worker_nodes" {
   type        = number
-  default     = 3
+  default     = 1
   description = "Defines the number of worker nodes to be created"
   validation {
     condition     = var.worker_nodes > 0

diff --git a/modules/nginx-ingress/LICENSE b/modules/nginx-ingress/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Michele Adduci
+Copyright (c) 2025 Michele Adduci
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/modules/nginx-ingress/README.md b/modules/nginx-ingress/README.md
@@ -58,7 +58,11 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_ingress_nginx_sha256_digest"></a> [ingress\_nginx\_sha256\_digest](#input\_ingress\_nginx\_sha256\_digest) | The sha256 digest of the NGINX Ingress to be installed | `string` | `"d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7"` | no |
 | <a name="input_ingress_nginx_version"></a> [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | The version of the NGINX Ingress to be installed | `string` | `"1.11.3"` | no |
+| <a name="input_ingress_webhook_certgen_sha256_digest"></a> [ingress\_webhook\_certgen\_sha256\_digest](#input\_ingress\_webhook\_certgen\_sha256\_digest) | The sha256 digest of the NGINX Webhook Certificate generator to be installed | `string` | `"a9f03b34a3cbfbb26d103a14046ab2c5130a80c3d69d526ff8063d2b37b9fd3f"` | no |
+| <a name="input_ingress_webhook_certgen_version"></a> [ingress\_webhook\_certgen\_version](#input\_ingress\_webhook\_certgen\_version) | The version of the NGINX Webhook Certificate generator to be installed | `string` | `"1.4.4"` | no |
+| <a name="input_local_node_ports"></a> [local\_node\_ports](#input\_local\_node\_ports) | Defines the node ports to use with the local cluster (kind) | <pre>list(object({<br/>    app_protocol = string<br/>    name         = string<br/>    target_port  = string<br/>    protocol     = string<br/>    port         = number<br/>    node_port    = number<br/>  }))</pre> | <pre>[<br/>  {<br/>    "app_protocol": "http",<br/>    "name": "http",<br/>    "node_port": 30000,<br/>    "port": 80,<br/>    "protocol": "TCP",<br/>    "target_port": "http"<br/>  },<br/>  {<br/>    "app_protocol": "https",<br/>    "name": "https",<br/>    "node_port": 30001,<br/>    "port": 443,<br/>    "protocol": "TCP",<br/>    "target_port": "https"<br/>  }<br/>]</pre> | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where to install the services | `string` | `"ingress-nginx"` | no |
 
 ## Outputs