
evry-ace/tf-cilium-network-policies


Cilium network policies module

A Terraform module for implementing Cilium Network Policies

Documentation

Technical description of module

To use this module you need the Terraform kubernetes provider at version 2.4.1 or higher, and Terraform itself at version 0.13 or higher.

An additional requirement is that the Beta kubernetes_manifest resource is enabled for the kubernetes provider via the experiments block:

provider "kubernetes" {
    ....

    experiments {
        manifest_resource = true
    }
}

To migrate from the kubernetes_alpha provider to the Beta kubernetes_manifest resource in the kubernetes provider, follow the instructions here: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/guides/alpha-manifest-migration-guide

How to use this module

Reference the module from your Terraform configuration and pin it to a release tag, for example like this:

module "cilium_network_policies" {
  source = "github.com/evry-ace/tf-cilium-network-policies.git?ref=vX.Y.Z"

  parameter(s) = value

}

And you should be off to the races :)

Create DNS visibility network policies

You can create a DNS visibility network policy for individual namespaces, or for all namespaces in your Kubernetes cluster. With enable_dns_visibility set to true, the deciding factor is whether or not the dns_namespaces parameter is given a value.

If dns_namespaces is omitted, or set to an empty value such as dns_namespaces = "", a DNS visibility network policy is created in every namespace in your Kubernetes cluster.

Example: creating in all namespaces

...

  enable_dns_visibility = true

}

If dns_namespaces is set, the network policy is only created in the listed namespaces.

Example: creating in one or more namespaces

...

  enable_dns_visibility = true
  dns_namespaces        = ["namespace1", "namespace2"]

}
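For readers who want to see what the two inputs above drive, here is an added illustration of how a kubernetes_manifest resource can render a per-namespace Cilium DNS visibility policy. It is not this module's own source: the policy body (kube-dns labels, port 53 with a DNS parsing rule, plus a catch-all egress entry) follows the standard Cilium DNS visibility pattern and is an assumption about what the module creates; the "all namespaces" case is assumed to be resolved by the caller.

```hcl
variable "enable_dns_visibility" {
  type    = bool
  default = false
}

variable "dns_namespaces" {
  type    = list(string)
  default = []
}

# One policy per listed namespace, none when the feature is off.
# Assumption: for the "all namespaces" case the caller feeds every
# namespace name into dns_namespaces (e.g. from a data source).
locals {
  dns_targets = toset(var.enable_dns_visibility ? var.dns_namespaces : [])
}

resource "kubernetes_manifest" "dns_visibility" {
  for_each = local.dns_targets

  manifest = {
    apiVersion = "cilium.io/v2"
    kind       = "CiliumNetworkPolicy"
    metadata = {
      name      = "dns-visibility"
      namespace = each.key
    }
    spec = {
      endpointSelector = {} # empty selector: every pod in the namespace
      egress = [
        {
          # Allow DNS to kube-dns and have Cilium parse the queries, so
          # resolved names show up in Hubble / policy verdicts.
          toEndpoints = [{
            matchLabels = {
              "k8s:io.kubernetes.pod.namespace" = "kube-system"
              "k8s-app"                         = "kube-dns"
            }
          }]
          toPorts = [{
            ports = [{ port = "53", protocol = "ANY" }]
            rules = { dns = [{ matchPattern = "*" }] }
          }]
        },
        # Selecting pods in an egress rule makes all other egress
        # default-deny; this entry keeps the policy visibility-only.
        { toEntities = ["all"] },
      ]
    }
  }
}
```

Drop the final toEntities entry only if you intend the policy to also enforce egress, in which case every other destination the pods need must be allowed explicitly.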

Module idiosyncrasies

None

Providers

Name        Version
terraform   >= 0.13
kubernetes  >= 2.4.1

Modules

No modules.

Resources

Name                                Type
kubernetes_manifest.dns_visibility  resource

Inputs

Name                   Description                                                                        Type          Default  Required
enable_dns_visibility  Define whether or not the DNS visibility Cilium network policy should be created.  bool          false    no
dns_namespaces         Name of the Kubernetes namespace(s) to install the Cilium Network Policies in.     list(string)  []       yes

Outputs

No outputs.