{"id":22423952,"url":"https://github.com/statcan/terraform-kubernetes-istio-operator","last_synced_at":"2025-08-01T07:32:39.817Z","repository":{"id":41098418,"uuid":"289349239","full_name":"StatCan/terraform-kubernetes-istio-operator","owner":"StatCan","description":"Terraform module for Istio Operator","archived":false,"fork":false,"pushed_at":"2023-01-20T14:51:55.000Z","size":81,"stargazers_count":4,"open_issues_count":0,"forks_count":3,"subscribers_count":5,"default_branch":"master","last_synced_at":"2023-03-02T22:23:18.802Z","etag":null,"topics":["kubernetes","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StatCan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2020-08-21T19:28:02.000Z","updated_at":"2023-01-19T07:12:46.000Z","dependencies_parsed_at":"2023-02-12T03:01:05.713Z","dependency_job_id":null,"html_url":"https://github.com/StatCan/terraform-kubernetes-istio-operator","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StatCan%2Fterraform-kubernetes-istio-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StatCan%2Fterraform-kubernetes-istio-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StatCan%2Fterraform-kubernetes-istio-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StatCan%2Fterraform-kubernetes-istio-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/StatCan","download_url":"https://codeload.github.com/StatCan/terraform-kubernetes-istio-operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228348330,"owners_count":17905899,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","terraform"],"created_at":"2024-12-05T18:13:36.119Z","updated_at":"2024-12-05T18:13:36.646Z","avatar_url":"https://github.com/StatCan.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Kubernetes Istio Operator\n\n## Introduction\n\nThis module installs the Istio Operator v1.16.1. It attempts to replicate the installation via:\n\n```bash\nistioctl operator init\n```\n\nThe ability to specify the **tag** of the image is available, however, this may cause issues since this\nmodule uses the manifests of a specific version.\n\n## Security Controls\n\nThe following security controls can be met through configuration of this template:\n\n* TBD\n\n## Requirements\n\n* The namespace where Istio Operator is to be installed should already be created. (default istio-operator)\n* Terraform v0.13+\n* terraform-provider-kubernetes 2.4+\n* terraform-provider-helm 2.0+\n\n## Namespace Label Requirements\n\nThe namespace provided as the *namespace* variable requires the following labels:\n* istio-operator-managed=Reconcile\n* istio-injection=disabled\n\n## Module Versioning\n\nAs of release v2.0.0, versioning will return to SEMVER so as to simplify releases.\n\n## Optional (depending on options configured):\n\n* None\n\n## Usage\n\n```terraform\nmodule \"istio_operator\" {\n source = \"git::https://github.com/canada-ca-terraform-modules/terraform-kubernetes-istio-operator.git?ref=v2.6.0\"\n\n # The following are variables that can be specified, but come with sane defaults\n namespace = \"istio-operator\"\n watch_namespaces = [\"istio-system\"]\n}\n```\n\n## Variables Values\n\n| Name | Type | Required | Default Value | Description |\n| -------------------------- | ------------ | -------- | -------------------------------- | ---------------------------------------------------------------------------------------------------- |\n| namespace | string | no | \"istio-operator\" | The namespace in which to install the Istio Operator. |\n| hub | string | no | \"docker.io/istio\" | The hub where the image repositories are located. |\n| node_selector | map(string) | no | {} | `nodeSelector`s that should be added to the operators Pod. |\n| resources | object | no | see [variables.tf](variables.tf) | The resource requests and limits for the deployment. |\n| tag | string | no | \"1.16.1\" | The tag of the image to use. WARNING: Use at own risk. |\n| wait_for_resources_timeout | number | no | 300 | The amount of seconds that the operator should wait for a timeout. |\n| watch_namespaces | list(string) | no | [\"istio-system\"] | The namespaces that the Operator should watch for IstioOperator manifests. Empty for all Namespaces. |\n\n## Updating Modules\n\n### Migrating to v2+\n\nThere are 4 major changes in v2.0.0:\n - Labels on the namespace are no longer being set by the module (see [Namespace Label Requirements](#namespace-label-requirements))\n - Use of a Helm chart to deploy CRDs via `helm_release` resource instead of `kubectl` via the `null_resource`\n Note: the terraform-provider-kubernetes `kubernetes_manifest` was attempted to be used, however, in its current beta state\n it has difficulties reconciling resources and is still in beta.\n - Extracting the deployment of the **IstioOperator** manifest to allow for multiple IstioOperator configuration (important for Canary deployments)\n - Change of the `istio_namespace` variable to `watch_namespaces` for configurations that are more contextualized to the operator.\n This allows for the IstioOperator manifest to be deployed and actioned by the controller in these namespaces.\n\nTo ensure the successful upgrade , the following commands will need to be run:\n\n```bash\nmodule_name=istio_operator; # The label used for the module. Change based on your usage.\nnamespace=istio-operator; # Value entered as namespace in module \u003c v2.0.0\n\n# Labels are no longer being modified by the module\nterraform state rm module.$module_name.null_resource.istio_operator_namespace_label;\n\n# The IstioOperator manifest is no longer being deployed in this module.\n# Please see: https://gitlab.k8s.cloud.statcan.ca/cloudnative/terraform/modules/terraform-kubernetes-istio-operator-instance\nterraform state rm module.$module_name.null_resource.istio_operator;\n\n# istio-operator Deployment can now be deployed with the provider due\n# to fieldRefs being added.\nterraform state rm module.$module_name.null_resource.istio_operator_controller\n\n# Remove the installation of the CRD via null_resource\nterraform state rm module.$module_name.null_resource.istio_operator_crd;\n\n# Replace istio-operator namespace if not in default location\nterraform import module.$module_name.kubernetes_deployment.istio_operator_controller $namespace/istio-operator;\n```\n\n## CRD Installation\n\nThere seem to be some regressions when it comes to the CRD that is installed via `istioctl`. Following is a table of\nthe CRD versions that are installed in each `istioctl` version:\n\n| istioctl Version | CRD Version |\n| ---------------- | ----------------------------------------------------- |\n| v1.6.14 | CustomResourceDefinition.apiextensions.k8s.io/v1beta1 |\n| v1.7.8 | CustomResourceDefinition.apiextensions.k8s.io/v1 |\n| v1.8.6 | CustomResourceDefinition.apiextensions.k8s.io/v1beta1 |\n| v1.9.9 | CustomResourceDefinition.apiextensions.k8s.io/v1beta1 |\n| v1.10.6 | CustomResourceDefinition.apiextensions.k8s.io/v1 |\n| v1.16.1 | CustomResourceDefinition.apiextensions.k8s.io/v1 |\n\nNote: the v1beta1 CRDs are missing the `type` parameter under **spec.validation.openAPIV3Schema** which causes some\nvalidation issues with `kubernetes_manifest` resources.\n\nTo combat this, the v1 CRD has been backported to v2.0.0 to simplify installations.\n\n## History\n\n| Date | Release | Change |\n| -------- | ----------- | --------------------------------------------------------- |\n| 20200821 | v1.0.0 | 1st release |\n| 20210204 | v1.6.14 | Update to use the manifest dump of Istio Operator 1.6.14. |\n| 20210824 | v1.0.1-tf13 | Align module to work with Terraform v0.13 |\n| 20210830 | v2.0.0 | Use new `kubernetes_manifest` resource from provider 2.4+ |\n| - | - | Move out the installation of the IstioOperator manifest |\n| 20210831 | v2.1.0 | Update resources for Istio 1.7.8 |\n| 20211021 | v2.1.1 | Add ability to specify resources. |\n| 20220225 | v2.2.0 | Add output of tag |\n| 20220511 | v2.3.0 | Add ability to set nodeSelectors. |\n| 20220607 | v2.4.0 | Update resources for Istio 1.8.6 |\n| 20220628 | v2.5.0 | Update resources for Istio 1.10.6 |\n| 20220628 | v2.6.0 | Update resources for Istio 1.16.1 |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstatcan%2Fterraform-kubernetes-istio-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstatcan%2Fterraform-kubernetes-istio-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstatcan%2Fterraform-kubernetes-istio-operator/lists"}