
Commit a06d6d5

committed
add wildcard certificates to anchor certs;
unify linkerd_version
1 parent 113ebeb commit a06d6d5


4 files changed

+19
-19
lines changed


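--- a/anchor-cert.tf
+++ b/anchor-cert.tf
@@ -1,5 +1,13 @@
 // Create trusted Anchor Certificate
 
+locals {
+cert_domains = [
+var.cluster_dns_name,
+"*.${var.cluster_dns_name}",
+"*.cluster.local"
+]
+}
+
 resource "tls_private_key" "trustanchor_key" {
 count = var.external_trustanchor ? 0 : 1
 algorithm = "ECDSA"
@@ -12,13 +20,9 @@ resource "tls_self_signed_cert" "trustanchor_cert" {
 validity_period_hours = 87600
 is_ca_certificate = true
 
-uris = [
-var.cluster_dns_name
-]
+uris = local.cert_domains
 
-dns_names = [
-var.cluster_dns_name
-]
+dns_names = local.cert_domains
 
 subject {
 common_name = "root.linkerd.${var.cluster_dns_name}"
@@ -40,13 +44,9 @@ resource "tls_private_key" "issuer_key" {
 resource "tls_cert_request" "issuer_req" {
 private_key_pem = tls_private_key.issuer_key.private_key_pem
 
-uris = [
-var.cluster_dns_name
-]
+uris = local.cert_domains
 
-dns_names = [
-var.cluster_dns_name
-]
+dns_names = local.cert_domains
 
 subject {
 common_name = "identity.linkerd.${var.cluster_dns_name}"
@@ -58,7 +58,7 @@ resource "tls_locally_signed_cert" "issuer_cert" {
 ca_private_key_pem = var.external_trustanchor ? var.trustanchor_key.private_key_pem : tls_private_key.trustanchor_key[0].private_key_pem
 ca_cert_pem = var.external_trustanchor ? var.trustanchor_cert.cert_pem : tls_self_signed_cert.trustanchor_cert[0].cert_pem
 validity_period_hours = 8760
-is_ca_certificate = false
+is_ca_certificate = true
 
 allowed_uses = [
 "crl_signing",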
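Review bot: In the last hunk `is_ca_certificate = true` turns the issuer certificate into a signing CA, which the commit title does not mention, and the same certificate request now carries `*.${var.cluster_dns_name}` and `*.cluster.local` in both `dns_names` and `uris`. A CA-capable certificate that is also valid for every host name under the cluster domain is broader than an issuer appears to need; I would leave the SANs off the trust anchor and the issuer request unless something depends on them, and add `# issuer must be a CA: it signs the proxy leaf certificates` above the flag if that is the intent. The wildcard strings are host patterns rather than URIs, so `uris = local.cert_domains` looks wrong in both resources, and with the default `cluster_dns_name` of `cluster.local` the list holds `*.cluster.local` twice, which `distinct()` around the list would remove. `allowed_uses` continues past the end of the hunk, so whether `cert_signing` is listed cannot be checked from here.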
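--- a/install.tf
+++ b/install.tf
@@ -74,7 +74,7 @@ resource "helm_release" "linkerd-multicluster" {
 values = [
 templatefile("${path.module}/multicluster-values.yaml.tpl", {
 installNamespace = var.multicluster_installNamespace
-linkerdVersion = var.multicluster_linkerdVersion
+linkerdVersion = var.linkerd_version
 namespace = var.multicluster_namespace
 proxyOutboundPort = var.multicluster_proxyOutboundPort
 remoteMirrorServiceAccount = var.multicluster_remoteMirrorServiceAccount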

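--- a/variables.tf
+++ b/variables.tf
@@ -4,6 +4,11 @@ variable "cluster_dns_name" {
 default = "cluster.local"
 }
 
+variable "linkerd_version" {
+description = "linkerd version to be installed"
+type = string
+}
+
 variable "enable_linkerd_ha" {
 description = "Enable Linkerd HA Mode for production cluster if true"
 type = bool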
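Review bot: The new `linkerd_version` variable accepts any string and has no default, while the `multicluster_linkerdVersion` variable it replaces was pinned to `stable-2.11.1`; the value is passed into the Helm values template in install.tf, so an unchecked tag presumably decides which release gets deployed. A `validation` block whose condition is `can(regex("^(stable|edge)-[0-9]+\\.[0-9]+\\.[0-9]+$", var.linkerd_version))` would reject floating or malformed tags at plan time, assuming those two release channels are the only ones intended. The description could also show the expected form, `description = "Linkerd release tag for all charts, e.g. stable-2.11.1"`. Callers that relied on the old default now have to set the variable explicitly, which is worth a line in the commit description.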

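--- a/variables_multicluster.tf
+++ b/variables_multicluster.tf
@@ -59,11 +59,6 @@ variable "multicluster_installNamespace" {
 type = string
 default = "true"
 }
-variable "multicluster_linkerdVersion" {
-description = "see https://artifacthub.io/packages/helm/linkerd2/linkerd-multicluster?modal=values"
-type = string
-default = "stable-2.11.1"
-}
 variable "multicluster_namespace" {
 description = "see https://artifacthub.io/packages/helm/linkerd2/linkerd-multicluster?modal=values"
 type = string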
