module "istio-oss-stack" {
#count = var.enable_istio_oss_stack ? 1 : 0
source = "git::[email protected]:blackpegaz/terraform-istio-oss-stack.git?ref=beta-v2"
# Global
domain = "example.com"
istio_enabled = true
# istio_platform = "gcp"
# Common parameters for all istiod instances
istio_istiod_overlay_helm_values = {}
# Map of istiod instances
istio_istiod_instance = {
"1-19" = {
version = "1.19.4"
revision = "1-19"
is_default_revision = false
revisiontags_binding = "old-stable"
helm_values = {}
},
"1-20" = {
version = "1.20.2"
revision = "1-20"
is_default_revision = true
revisiontags_binding = "stable"
helm_values = {
"pilot": {
"autoscaleEnabled": true,
"autoscaleMax": 3,
"autoscaleMin": 2
},
}
}
}
# istio-ingressgateway
istio_ingressgateway_enabled = true
istio_ingressgateway_version = "1.20.2"
istio_ingressgateway_revision_binding = "stable"
istio_ingressgateway_overlay_helm_values = {}
istio_ingressgateway_create_shared_secured_gateway = false
# kiali
kiali_operator_enabled = true
kiali_operator_version = "1.77.0"
kiali_operator_accessible_namespaces = ["istio-system","demo.*"]
kiali_operator_overlay_helm_values = {}
# jaeger
jaeger_operator_enabled = true
jaeger_operator_version = "2.49.0"
jaeger_operator_overlay_helm_values = {}
# cert-manager
cert_manager_enabled = true
cert_manager_version = "v1.13.3"
cert_manager_overlay_helm_values = {}
# kube-prometheus-stack
kube_prometheus_stack_enabled = true
kube_prometheus_stack_version = "55.5.0"
}
| Name | Version |
|---|---|
| terraform | ~> 1.5.5 |
| helm | ~> 2.12.1 |
| http | 3.4.1 |
| kubectl | >= 2.0.4 |
| kubernetes | 2.25.2 |
| Name | Version |
|---|---|
| helm | 2.12.1 |
| http | 3.4.1 |
| kubectl | 2.0.4 |
| kubernetes | 2.24.0 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cert_manager_enabled | Flag to enable or disable the installation of cert-manager components | bool |
true |
no |
| cert_manager_helm_repo | The URL of the cert-manager Helm repository | string |
"https://charts.jetstack.io" |
no |
| cert_manager_namespace | The name of the cert-manager namespace | string |
"cert-manager" |
no |
| cert_manager_overlay_helm_values | Any values to pass as an overlay to the cert-manager Helm values | any |
{} |
no |
| cert_manager_version | The version of the cert-manager Helm release | string |
"" |
no |
| crds_sensitive_fields | List of fields (dot-syntax) which are sensitive and should be obfuscated in output. This feature is used here to reduce the size of the output for the CRDs. | list(any) |
[ |
no |
| domain | The FQDN used to configure external urls" Example: "example.com" |
string |
n/a | yes |
| istio_base_crds_version | The version of the istio-base CRDs | string |
"" |
no |
| istio_base_enabled | Flag to enable or disable the installation of istio-base components | bool |
true |
no |
| istio_base_namespace | The name of the istio-base namespace | string |
"istio-system" |
no |
| istio_base_overlay_helm_values | Any values to pass as an overlay to the istio-base Helm values | any |
{} |
no |
| istio_base_version | The version of the istio-base Helm release | string |
"" |
no |
| istio_cni_enabled | Flag to enable or disable the installation of istio-cni components | bool |
true |
no |
| istio_cni_namespace | The name of the istio-cni namespace | string |
"kube-system" |
no |
| istio_cni_overlay_helm_values | Any values to pass as an overlay to the istio-cni Helm values | any |
{} |
no |
| istio_cni_version | The version of the istio-cni Helm release | string |
"" |
no |
| istio_enabled | Flag to enable or disable the installation of all istio components | bool |
true |
no |
| istio_helm_repo | The URL of the Istio Helm repository | string |
"https://istio-release.storage.googleapis.com/charts" |
no |
| istio_ingressgateway_backendconfig_name | The name of the istio-ingressgateway BackendConfig (Only if platform is equal to GCP) | string |
"istio-ingressgateway" |
no |
| istio_ingressgateway_create_namespace | Flag to enable or disable the creation of the istio-ingressgateway namespace | bool |
true |
no |
| istio_ingressgateway_create_shared_secured_gateway | Flag to enable or disable the creation of the Istio Shared Secured Gateway | bool |
true |
no |
| istio_ingressgateway_enabled | Flag to enable or disable the installation of istio-ingressgateway components | bool |
false |
no |
| istio_ingressgateway_namespace | The name of the istio-ingressgateway namespace | string |
"istio-ingress" |
no |
| istio_ingressgateway_overlay_helm_values | Any values to pass as an overlay to the istio-ingressgateway Helm values | any |
{} |
no |
| istio_ingressgateway_revision_binding | The binding to either the "canary", "stable" or "old-stable" revisionTag | string |
"stable" |
no |
| istio_ingressgateway_shared_secured_gateway_name | The name of the istio-ingressgateway of the Istio Shared Secured Gateway | string |
"istio-ingressgateway" |
no |
| istio_ingressgateway_shared_secured_gateway_namespace | The name of the istio-ingressgateway/shared-secured-gateway namespace | string |
"istio-ingress" |
no |
| istio_ingressgateway_version | The version of the istio-ingressgateway Helm release | string |
"" |
no |
| istio_istiod_enabled | Flag to enable or disable the installation of istio-istiod components | bool |
true |
no |
| istio_istiod_instance | Map of objects used to configure one or more instances of istio-istiod. Example: { "1-19" = { version = "1.19.3" revision = "1-19" is_default_revision = true revisiontags_binding = "stable" helm_values = { "pilot": { "autoscaleEnabled": true, "autoscaleMax": 3, "autoscaleMin": 2 }, } }, } |
any |
{} |
no |
| istio_istiod_namespace | The name of the istio-istiod namespace | string |
"istio-system" |
no |
| istio_istiod_overlay_helm_values | Any values to pass as an overlay to the istio-istiod Helm values | any |
{} |
no |
| istio_oss_stack_default_nodeselector | Map of key/value pairs used to configure nodeSelector for the entire stack. Example: {"disktype":"ssd"} } |
map(any) |
{} |
no |
| istio_platform | (Optional) Platform where Istio is deployed. Possible values are: "openshift", "gcp", "". An empty value means it is a vanilla Kubernetes distribution, therefore no special treatment will be considered. Default: "" |
string |
"" |
no |
| jaeger_helm_repo | The URL of the Jaeger Helm repository | string |
"https://jaegertracing.github.io/helm-charts" |
no |
| jaeger_operator_create_instance_allinone | Flag to enable or disable the creation of a Jaeger All-in-One instance | bool |
true |
no |
| jaeger_operator_enabled | Flag to enable or disable the installation of jaeger-operator components | bool |
true |
no |
| jaeger_operator_instance_allinone_affinity | Map of objects used to configure affinity rules for the Jaeger All-in-One instance. Example: { "nodeAffinity": { "requiredDuringSchedulingIgnoredDuringExecution": { "nodeSelectorTerms": [ { "matchExpressions": [ { "key": "kubernetes.io/os", "operator": "In", "values": [ "linux" ] } ] } ] } }, } |
map(any) |
{} |
no |
| jaeger_operator_instance_allinone_image_version | The version of the Jaeger All-in-One instance image | string |
"1.52.0" |
no |
| jaeger_operator_namespace | The name of the jaeger-operator namespace | string |
"observability" |
no |
| jaeger_operator_overlay_helm_values | Any values to pass as an overlay to the jaeger-operator Helm values | any |
{} |
no |
| jaeger_operator_version | The version of jaeger-operator Helm release | string |
n/a | yes |
| kiali_helm_repo | The URL of the Kiali Helm repository | string |
"https://kiali.org/helm-charts" |
no |
| kiali_operator_accessible_namespaces | List of namespaces which are accessible to the Kiali server itself. Only these namespaces will be displayed into the Kiali UI. Example: ["istio-system","mycorp_.*"] |
list(any) |
[] |
no |
| kiali_operator_enabled | Flag to enable or disable the installation of kiali-operator components | bool |
true |
no |
| kiali_operator_namespace | The name of the kiali-operator namespace | string |
"kiali-operator" |
no |
| kiali_operator_overlay_helm_values | Any values to pass as an overlay to the kiali-operator Helm values | any |
{} |
no |
| kiali_operator_version | The version of the kiali-operator Helm release | string |
n/a | yes |
| kube_prometheus_stack_enabled | Flag to enable or disable the installation of the kube-prometheus-stack components | bool |
true |
no |
| kube_prometheus_stack_helm_repo | The URL of the kube-prometheus-stack Helm repository | string |
"https://prometheus-community.github.io/helm-charts" |
no |
| kube_prometheus_stack_namespace | The name of the kube-prometheus-stack namespace | string |
"monitoring" |
no |
| kube_prometheus_stack_overlay_helm_values | Any values to pass as an overlay to the kube-prometheus-stack Helm values | any |
{} |
no |
| kube_prometheus_stack_version | The version of the kube-prometheus-stack Helm release | string |
"" |
no |
| prometheus_url | The URL used to query the Prometheus Server. Example: "http://kube-prometheus-stack-prometheus.monitoring.svc:9090" |
string |
"" |
no |
| revisiontags_canary | The name of the "revisionTag" which is bound to the "canary" Istio revision. Your app should only reference this revisionTag in case of a canary upgrade. | string |
"prod-canary" |
no |
| revisiontags_old_stable | The name of the "revisionTag" which is bound to the "old-stable" Istio revision. This is the previous stable revision you expect to remove when all the workload will be migrated to the new stable revision. | string |
"old-stable" |
no |
| revisiontags_stable | The name of the "revisionTag" which is bound to the "stable" Istio revision. Your app should reference this revisionTag when there is no canary upgrade in progress. | string |
"prod-stable" |
no |
| Name | Description |
|---|---|
| istio | Informations regarding Istio installation. |