From b1f896642b18a1249dab1f1ad31ce58f7f350221 Mon Sep 17 00:00:00 2001
From: runalsh <21105673+runalsh@users.noreply.github.com>
Date: Wed, 3 Jul 2024 23:32:52 +0300
Subject: [PATCH] add cilium instead kube-proxy and some refactor

---
 cilium-module.tf            |   7 ++
 cilium/cilium.tf            | 102 +++++++++++++++++++++++++++
 cilium/providers.tf         |  10 +++
 cilium/vars.tf              |   4 ++
 kind-config                 |  16 -----
 kind-module.tf              |   8 +++
 kind(NO).tf => kind/kind.tf | 135 ++++++++++++++++--------------------
 kind/output.tf              |   3 +
 kind/providers.tf           |  18 +++++
 kind/vars.tf                |  21 ++++++
 main.tf                     |   4 +-
 readme.md                   |   1 +
 terraform.tfvars            |   8 ++-
 values/cilium.yaml          |  21 ++++++
 vars.tf                     |  20 ++++++
 15 files changed, 285 insertions(+), 93 deletions(-)
 create mode 100644 cilium-module.tf
 create mode 100644 cilium/cilium.tf
 create mode 100644 cilium/providers.tf
 create mode 100644 cilium/vars.tf
 create mode 100644 kind-module.tf
 rename kind(NO).tf => kind/kind.tf (64%)
 create mode 100644 kind/output.tf
 create mode 100644 kind/providers.tf
 create mode 100644 kind/vars.tf
 create mode 100644 values/cilium.yaml

diff --git a/cilium-module.tf b/cilium-module.tf
new file mode 100644
index 0000000..ba7897c
--- /dev/null
+++ b/cilium-module.tf
@@ -0,0 +1,7 @@
+module "cilium" {
+  source = "./cilium"
+
+  kind_local_domain=var.kind_local_domain
+
+  count = var.cilium ? 1 : 0  
+}  
\ No newline at end of file
diff --git a/cilium/cilium.tf b/cilium/cilium.tf
new file mode 100644
index 0000000..b14b789
--- /dev/null
+++ b/cilium/cilium.tf
@@ -0,0 +1,102 @@
+locals {
+  cilium_cert_secret = "cilium-https-cert"
+}
+
+resource "helm_release" "cilium" {
+#   count            = var.use_cilium ? 1 : 0
+  name             = "cilium"
+  repository       = "https://helm.cilium.io/"
+  chart            = "cilium"
+  version          = "1.15.6"
+  namespace        = "cilium"
+  create_namespace = true
+
+  set {
+    name  = "image.pullPolicy"
+    value = "IfNotPresent"
+  }
+
+  set {
+    name  = "ipam.mode"
+    value = "kubernetes"
+  }
+
+  set {
+    name  = "hubble.enabled"
+    value = "true"
+  }
+
+  set {
+    name  = "hubble.ui.enabled"
+    value = "true"
+  }
+
+  set {
+    name  = "hubble.relay.enabled"
+    value = "true"
+  }
+#   # Make sure `kind` has written the `kubeconfig` before we move forward
+#   # with installing helm.
+}
+
+# module "cilium_tls" {
+# #   count     = var.use_cilium ? 1 : 0
+#   source    = "./modules/tls-cert"
+#   namespace = helm_release.cilium[0].namespace
+#   dns_names = [
+#     "hubble.${var.base_domain}"
+#   ]
+# #   certs_path = var.certs_path
+# }
+
+resource "kubectl_manifest" "hubble_grpc_service" {
+#   count     = var.use_cilium ? 1 : 0
+  yaml_body = <<YAML
+apiVersion: v1
+kind: Service
+metadata:
+  name: hubble-ui-grpc
+  namespace: ${helm_release.cilium.namespace}
+spec:
+  ports:
+  - name: grpc
+    port: 80
+    protocol: TCP
+    targetPort: 8090
+  selector:
+    k8s-app: hubble-ui
+  type: ClusterIP
+YAML
+}
+
+
+resource "kubectl_manifest" "hubble_ingress" {
+#   count     = var.use_cilium ? 1 : 0
+  yaml_body = <<YAML
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: hubble-ui
+  namespace: ${helm_release.cilium.namespace}
+spec:
+  virtualhost:
+    fqdn: hubble.${var.kind_local_domain}
+  routes:
+    - conditions:
+      - prefix: /api
+      enableWebsockets: true
+      services:
+        - name: hubble-ui-grpc
+          port: 80
+          protocol: h2c
+      timeoutPolicy:
+        response: 1h
+
+    - conditions:
+      - prefix: /
+      enableWebsockets: true
+      services:
+        - name: hubble-ui
+          port: 80
+YAML
+}
diff --git a/cilium/providers.tf b/cilium/providers.tf
new file mode 100644
index 0000000..e234d49
--- /dev/null
+++ b/cilium/providers.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    kubectl = {
+      source = "gavinbunney/kubectl"
+      version = "1.14.0"
+    }
+  }
+}
diff --git a/cilium/vars.tf b/cilium/vars.tf
new file mode 100644
index 0000000..ce57742
--- /dev/null
+++ b/cilium/vars.tf
@@ -0,0 +1,4 @@
+variable "kind_local_domain" { 
+  type = string
+  default = "kind.local"
+}
\ No newline at end of file
diff --git a/kind-config b/kind-config
index cf60391..2ebf5e0 100644
--- a/kind-config
+++ b/kind-config
@@ -1,19 +1,3 @@
 apiVersion: v1
-clusters:
-- cluster:
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJZDNGekFNZFVicW93RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBM01ESXdPRFEwTURGYUZ3MHpOREEyTXpBd09EUTVNREZhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUNndjZqaStHaDJtR1BlenZUMjdRUEczNXdhUzhrTnpaelY3Q0ZRODdlek5ldUo2a3oxbFBiYzVoV1UKY1JwUHZNSGZFZ296ZnkrWk90TDFzWmJOUythVlV2dG1CZ04rZHJZcW4vaUxUaEFHU2xwNkxiYmViRFRvZm1XaApaWm5hTWRENDdFbjl6VE5aUWFnR2QzSWZ1MGxkYUtHZncrTk5mVmJUZk96ZDRNUkFJeWNLb3NHS0IxTThrTmZxCmMrZHUrRmVhUG9zK0VJR2I0K0ZDckhtSFZzZ09OL2ZxN29sYzJCRTV0bnhpMmhEV0xPcDdEZzlqZ3RjeGxEUmwKcUtKREtGSlpzd1VmMkp0K1VlMGtIRjkrSTRoZ2UxS1hYMy9pQVhhT2VKU3ovUm95QTlxL1ZrRXBQaHIwQXhCYwozNlVCZXFoMlVqSkxjQVFBUXVXT3dWUG56a3d4QWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJUck0rVmViMXRzeEpTUVp4ZFI3aDV4K3F2aUJEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQkN6QmZVUVpldApuQlB4YXo1NG5Id2dGc1kxbjIzNWdjOGd2d1RZSVJGcVN3dE42anpHa3M1WjFadW9ucXM5djlxRXlicThBOTVjCnJzTlVEcE05M0JDOFlmWUhVYzZXRnJEeGpzYkRqWnpuc3p3RnJsUmNqcWxYNWdYRmtMNEN3VlQxVThSQzBmWUIKR3hpUTdjcUt1WXZ5WGdjaythclJ4TDVCaE9hUmk1SUwremhWcGo5ajFybUpoYXJKTXU1eDFuaHhQcU1KY0UrMgpBN3JQOFBMZUVCVzh0UFZHZWZmV3dYYlNtRmo3UXU0V1F4K3ZNK3lxd01CZWZSc3NJTXdkNzB2N3FvVjR6dms3CmtRRUlmc2xmcExCcFNwdTVYaUtxVktDRTl4KzRUVGt0ZG9KcjBkWVljL1B5TDRxUVpTNVlhZEY4aEdYd0xLQXEKYVJ2M0VqK0RjS00vCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-    server: https://127.0.0.1:59971
-  name: kind-kind
-contexts:
-- context:
-    cluster: kind-kind
-    user: kind-kind
-  name: kind-kind
-current-context: kind-kind
 kind: Config
 preferences: {}
-users:
-- name: kind-kind
-  user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lJV1FXTzlQdXZpMzh3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBM01ESXdPRFEwTURGYUZ3MHlOVEEzTURJd09EUTVNRE5hTUR3eApIekFkQmdOVkJBb1RGbXQxWW1WaFpHMDZZMngxYzNSbGNpMWhaRzFwYm5NeEdUQVhCZ05WQkFNVEVHdDFZbVZ5CmJtVjBaWE10WVdSdGFXNHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEWm1kLzIKUDNHOVBCRDV0MXRmR2wwUFBHWlZ4RGpqSDBkVHhLeUlUNStBSE92Z2puTTUxc0Y3YzRMRGVGbmR1Rk9RNlpJcAo3MDRQViswR1IvRWxvb2hFV09vRnIwZVZvQStaT3Z2NWd3ek43NFZ4dmp4REZWbm4xYnFIZTZ6dnNDRHdROWlRCklBT1hvWUhvZ3RmNnhoLzFZeThadUo4ejBOVHJYRm0xU21wYXFaYTNoSzgzVTFaRDBIMytPbS9kVENLSENzSisKU3VGRUxJUDNMWWxsbnhrSDhLZ3AyZHlXNUpVYTFlY3VkUS90WC9IMDdtQTdsUHZraVBnUG54TDFERlY1TGMydgpueVJ0Q1E3SVFtMXhCZ1hFTjBRUW85Mmc5Wlk0RTk2SDl6YWhpa05TYm5oVi9UNGhnVnpUdUh5QkV3K0NqcUNoCmdPcnlRR2RGcys2bmYvcFRBZ01CQUFHalZqQlVNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUsKQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRk9zejVWNXZXMnpFbEpCbgpGMUh1SG5INnErSUVNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJTV0ZNSktucHdXbVNCN3FrdUtjOTZqNXU5CjJUNEdIa0hjQ1Q3cnRrb0Z6Y2U2UlhYYVVIcC9iSkJ4ZkhCWTZ0K1FDRzdrSFVUdW5SYU1NRHRCNkIzNWRrd2IKMndub2NTajFrYjIxZUU2bHZYU25NQlhrRzlHRnFhZW1lRkhKY01uVXdrTDV4VGVUbUxwQml0WUQ1MHJVSmZTTApCQ2lGMzNYQUlLcHZUajBOS3NDYTNYelZpcHFlVDJYR3NIR2NMNjZ4OGJjSThDYVJYTXREOHBUR2ZwUktsdG1nCmxOdXJnWStNNWxlbHY1UmRQWW1WYTRLR0d3TmJXWlhXWDBCZ1VoQzNLcnNUWHFvSXAyM1BHMXdaSVpra1RIdC8KSUg2bjMyMmlUTytidFM4QS9CR1pjQTJaRk16N1BrbStCV2tsQzI0UjhQOEJ5d3pPYmFjZzJoK3EvYWwrCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMlpuZjlqOXh2VHdRK2JkYlh4cGREenhtVmNRNDR4OUhVOFNzaUUrZmdCenI0STV6Ck9kYkJlM09DdzNoWjNiaFRrT21TS2U5T0QxZnRCa2Z4SmFLSVJGanFCYTlIbGFBUG1UcjcrWU1NemUrRmNiNDgKUXhWWjU5VzZoM3VzNzdBZzhFUFlrQ0FEbDZHQjZJTFgrc1lmOVdNdkdiaWZNOURVNjF4WnRVcHFXcW1XdDRTdgpOMU5XUTlCOS9qcHYzVXdpaHdyQ2ZrcmhSQ3lEOXkySlpaOFpCL0NvS2RuY2x1U1ZHdFhuTG5VUDdWL3g5TzVnCk81VDc1SWo0RDU4UzlReFZlUzNOcjU4a2JRa095RUp0Y1FZRnhEZEVFS1Bkb1BXV09CUGVoL2Myb1lwRFVtNTQKVmYwK0lZRmMwN2g4Z1JNUGdvNmdvWURxOGtCblJiUHVwMy82VXdJREFRQUJBb0lCQUNxMy9MSFpMcmtaeTdOYQpmY09qNTFVUVpINjk4UFVWdE9rTEdWd0JWYXpQQUxlcS81QUJTeWF6UEo2blIrMHhQS2FjVkNlTFpXVzV1enlhCmJ3c1daMjRUam8zakpVaUlqY2RsUHdaeTVkYWdDVENWU2p0Wk83YzV6RTdBeHVpZlNUZ2grYWdCd1BMSnNEazMKUnJOaXBlK0VzMEIzY0RtNTY3THhCR09FNG5BOXNqUVhTQ1cxcnRzMHJ2eU1ueXJ0b2RKT3dVbmExNE1WME04ZQppdzFNc3ZjUXB0VFd1NTEwdit1OVhKMSszM1Y0N0ViTERsUDJheUN2ZjZBNDRGNGVMdkdjWkdLVmdPWTJmNjFqCm50Mks4Q0lWTnZ3WEdxSGdXTzJSdVg0TVpSTUhQTE9hc1Y1eHFSOTBxakhNcDgveGxDZzRyTEFmK1RseE1GblgKNXZjaTRuRUNnWUVBODF3YVZhMDlQeDlaNXNVaklNcE55T3NrdncwN0tWa3AxcUFubFo2bk9JLzE0OEdCQkw1WgoxMGFpQmZjTlJQTjBRTDdrSWwxVG1vVDBJbU1SdFBUVjI1SGJ6cVJJYWZBYnY2VldUV3FyemtwVE9qZU96RnlKCmlVbDFNV1V2aWRwOFlDMXNQb0VXeG0yVS9UdzR4cXpMUXB1bDBZOGRxYm0zZGlKMmplQ05iaWNDZ1lFQTVPZEQKdm5xbU4wZHBpTURDWkhQMUpIdnVpWjRiUllKblBaNEhzeWRSQXc0WDIvbnMxTHowOTF6Szd3eEhMcE5tMG9abQpKVGNGMDEwUDFZOXBsSFhMcFZMbUhOVElSZmwwK01pdWhJWDZiK0tHT0lxR2pFRG1rQTdDMUNPb1g3VGNvRzZGCmtiYzdqcmpJVTRaVWxKYXdzby9TWXVURkN5YTlDWmRHd09hV1dmVUNnWUFuZmJ1OFNZZVYxYldXRUVtYUNacEQKejN6QUVCcVlwQ0o0OUxaWHZrNHVqSlgvWnFoVUo3dVdocHpHVVFmek4zcVhBeU1zUEc3VHRWMlVzdlR0bzRtTQp2d2VuYWR0aWJaZGpLeVp0RzdGVG9aWU43WFFiejZ4MS9kaXBzbHpiaHZ3Rjgza01UNUJ0bE56SGwxMHpTRmtYCnJ3QmltRkhjK0FsQWYya3pyc3Zrb3dLQmdCRmpCNkJHVEszU1BNL29aRnVnK3pQa1BnQXlCRHhKWlhJbXVNc0EKNTRSbDQ2WVAyODlrOHU1L0crTUFlYit0N3BkN0lmTWR0TkdUTmdxd3RBSlUyRDBjaU9JVHY0cWhJaU5yaXVZQwpEejNFWlJHU1pCbnZMQlF4S3RkV1JnblBBUnNtaWZyQmdrS2JBb3hsbmJNVHB5UkpERi82cElUdVVsbVNKZ3VzCitDcXBBb0dBSW9tTWYxTE5rZ0Q4TXFRWmlKbVFOamM1TjFHNGExZXhHNE92bWhSMWcxankyV0dDWmJFMmVCSDEKZStBdCtFQ09YV2pnWXhvSGpOOS9yMnJrOFZ2UkNObVZnQldLcVVWWGpxV01KRzhHRGxqUnp4VUhKVHBneGJ1WgpYVXRkN0lBVVNHRzNSL3hzTWxLL1puVFBONys2c2dlTXJzRldoMjdVT3hFbjQxTlEvSE09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
diff --git a/kind-module.tf b/kind-module.tf
new file mode 100644
index 0000000..f4e2715
--- /dev/null
+++ b/kind-module.tf
@@ -0,0 +1,8 @@
+module "kind" {
+  source = "./kind"
+
+  name = var.kind_cluster_name
+  kind_local_domain = var.kind_local_domain
+
+  count = var.kind ? 1 : 0  
+}  
\ No newline at end of file
diff --git a/kind(NO).tf b/kind/kind.tf
similarity index 64%
rename from kind(NO).tf
rename to kind/kind.tf
index ee1729e..209099d 100644
--- a/kind(NO).tf
+++ b/kind/kind.tf
@@ -1,8 +1,6 @@
-provider "kind" {
-}
 
 resource "kind_cluster" "kind" {
-  name = "kind"
+  name = var.name
   wait_for_ready = true
 #   kubeconfig_path = pathexpand(locals.kubectl_config_path)
   kind_config {
@@ -14,6 +12,11 @@ resource "kind_cluster" "kind" {
     #       config_path = "${local.containerd_config_path}"
     #   TOML
     # ]
+    networking {
+      disable_default_cni = true
+      kube_proxy_mode = "none"
+    }
+
     node {
           role = "control-plane"
           image = "kindest/node:v1.30.2"
@@ -48,33 +51,23 @@ resource "kind_cluster" "kind" {
 }
 }
 
-# provider "helm" {
-#   kubernetes {
-#     config_path = var.kubectl_config_path == "" ? local.kubectl_config_path : var.kubectl_config_path
-#     config_context = "kind-${kind_cluster.kind.name}"
-#   }
+# data "http" "kind_ingress_http" {
+#   url = "https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml"
+# }
+# data "kubectl_file_documents" "ingress_yaml_files" {
+#   content = data.http.kind_ingress_http.response_body
+# }
+# resource "kubectl_manifest" "ingress_manifest" {
+#   for_each  = data.kubectl_file_documents.ingress_yaml_files.manifests
+#   yaml_body = each.value
+#   depends_on = [ kubernetes_namespace.ingress_namespace, kind_cluster.kind ]
+# }
+# resource "kubernetes_namespace" "ingress_namespace" {
+#     metadata {
+#       name = "ingress"
+#     }
+#     depends_on = [ kind_cluster.kind, data.kubectl_file_documents.ingress_yaml_files ]
 # }
-
-data "http" "kind_ingress_http" {
-  url = "https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml"
-}
-data "kubectl_file_documents" "nginx_yaml_files" {
-  content = data.http.kind_ingress_http.response_body
-  depends_on = [ kind_cluster.kind ]
-}
-resource "kubectl_manifest" "nginx_manifest" {
-  provider = kubectl
-  for_each = data.kubectl_file_documents.nginx_yaml_files.manifests
-  yaml_body = each.value
-  wait = true
-  depends_on = [ kubernetes_namespace.nginx_namespace, kind_cluster.kind ]
-}
-resource "kubernetes_namespace" "nginx_namespace" {
-    metadata {
-      name = "ingress-nginx"
-    }
-    depends_on = [ kind_cluster.kind, data.kubectl_file_documents.nginx_yaml_files ]
-}
 
 # #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
@@ -113,7 +106,7 @@ resource "kubernetes_namespace" "nginx_namespace" {
 #     name = "configs.secret.argocdServerAdminPassword"
 #     value = bcrypt(var.argocd_admin_pass)
 #   }
-#   depends_on = [ kubectl_manifest.nginx_manifest ]
+#   depends_on = [ kubectl_manifest.ingress_manifest ]
 # }
 
 # // adding all the declartive argocd in the argo-apps folder to the cluster
@@ -125,56 +118,50 @@ resource "kubernetes_namespace" "nginx_namespace" {
 # #   depends_on = [ helm_release.helm_argo ]
 # # }
 
+# resource "helm_release" "metrics-server" {
+#   name       = "metrics-server"
+#   chart      = "metrics-server"
+#   namespace  = "kube-system"
+#   repository = "https://kubernetes-sigs.github.io/metrics-server"
+
+#   set {
+#     name  = "args"
+#     value = "{--kubelet-insecure-tls}"
+#   }
+#   depends_on = [ kind_cluster.kind ]
+# }
+
 # locals {
 #   cilium_cert_secret = "cilium-https-cert"
 # }
 
-# resource "helm_release" "cilium" {
-# #   count            = var.use_cilium ? 1 : 0
-#   name             = "cilium"
-#   repository       = "https://helm.cilium.io/"
-#   chart            = "cilium"
-#   version          = "1.15.6"
-#   namespace        = "cilium"
-#   create_namespace = true
+#cilium install --version 1.15.6
+#cilium hubble enable --ui
+#cilium hubble ui
 
-# #   set {
-# #     name  = "image.pullPolicy"
-# #     value = "IfNotPresent"
-# #   }
-
-# #   set {
-# #     name  = "ipam.mode"
-# #     value = "kubernetes"
-# #   }
-
-# #   set {
-# #     name  = "hubble.enabled"
-# #     value = "true"
-# #   }
-
-# #   set {
-# #     name  = "hubble.ui.enabled"
-# #     value = "true"
-# #   }
-
-# #   set {
-# #     name  = "hubble.relay.enabled"
-# #     value = "true"
-# #   }
-# #   # Make sure `kind` has written the `kubeconfig` before we move forward
-# #   # with installing helm.
-# }
+resource "helm_release" "cilium" {
+  name             = "cilium"
+  repository       = "https://helm.cilium.io/"
+  chart            = "cilium"
+  version          = "1.15.6"
+#   namespace        = "cilium"
+  namespace        = "kube-system"
+  wait             = true
+  wait_for_jobs    = true
+  create_namespace = true
+  timeout          = 600
+  values = [file("${path.module}/../values/cilium.yaml")]
+}
 
-# module "cilium_tls" {
-# #   count     = var.use_cilium ? 1 : 0
-#   source    = "./modules/tls-cert"
-#   namespace = helm_release.cilium[0].namespace
-#   dns_names = [
-#     "hubble.${var.base_domain}"
-#   ]
-# #   certs_path = var.certs_path
-# }
+# # module "cilium_tls" {
+# # #   count     = var.use_cilium ? 1 : 0
+# #   source    = "./modules/tls-cert"
+# #   namespace = helm_release.cilium[0].namespace
+# #   dns_names = [
+# #     "hubble.${var.base_domain}"
+# #   ]
+# # #   certs_path = var.certs_path
+# # }
 
 # resource "kubectl_manifest" "hubble_grpc_service" {
 # #   count     = var.use_cilium ? 1 : 0
diff --git a/kind/output.tf b/kind/output.tf
new file mode 100644
index 0000000..685a1d3
--- /dev/null
+++ b/kind/output.tf
@@ -0,0 +1,3 @@
+output "kind_cluster_name" {
+  value = "kind-${kind_cluster.kind.name}"
+}
\ No newline at end of file
diff --git a/kind/providers.tf b/kind/providers.tf
new file mode 100644
index 0000000..7baddfd
--- /dev/null
+++ b/kind/providers.tf
@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    helm = {
+      source = "hashicorp/helm"
+      version = "2.13.2"
+    }
+    kubectl = {
+      source = "gavinbunney/kubectl"
+      version = "1.14.0"
+    }
+    kind = {
+      source = "tehcyx/kind"
+      version = "0.5.1"
+    }
+  }
+}
diff --git a/kind/vars.tf b/kind/vars.tf
new file mode 100644
index 0000000..b496b61
--- /dev/null
+++ b/kind/vars.tf
@@ -0,0 +1,21 @@
+variable "kubectl_config_path" {
+  default     = ""
+  type        = string
+}
+data "external" "os" {
+  working_dir = path.module
+  program     = ["printf", "{\"os\": \"Linux\"}"]
+}
+locals {
+  os                  = data.external.os.result.os
+  kubectl_config_path = local.os == "Windows" ? "%USERPROFILE%\\.kube\\config" : "~/.kube/config"
+}
+
+variable "name" {
+  type = string
+}
+
+variable "kind_local_domain" { 
+  type = string
+  default = "kind.local"
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index d26d31f..b6ded90 100644
--- a/main.tf
+++ b/main.tf
@@ -85,8 +85,10 @@ provider "helm" {
   kubernetes {
     config_path = var.kubectl_config_path == "" ? local.kubectl_config_path : var.kubectl_config_path
     # config_context = module.minikube.minikube_name
-    config_context = var.minikube_param.cluster_name
+    # config_context = var.minikube_param.cluster_name
     # config_context = "kind-kind"
+    # config_context = "kind-${var.kind_cluster_name}"
+    config_context = var.minikube ? var.minikube_name : "kind-${var.kind_cluster_name}"
   }
 }
 
diff --git a/readme.md b/readme.md
index b93b56a..76171b5 100644
--- a/readme.md
+++ b/readme.md
@@ -26,6 +26,7 @@ Ready:
   -  reloader
   -  knative + kourier
   -  YDB with prometheus stack
+  -  cilium + hubble (disable internal kube-proxy before)
 
 Plans: 
   -  integrate gitlab/github action with minio (as s3 cache) and harbor\nexus,
diff --git a/terraform.tfvars b/terraform.tfvars
index e098b50..312ec44 100644
--- a/terraform.tfvars
+++ b/terraform.tfvars
@@ -3,7 +3,6 @@
 # Ignorance is strength.
 
 local_domain = "minikube.local"
-kind_local_domain = "kind.local"
 
 minikube = false
 minikube_param = {
@@ -15,6 +14,10 @@ minikube_param = {
     driver = "docker" #hyperv
 }
 
+kind = false
+kind_cluster_name = "kind"
+kind_local_domain = "kind.local"
+
 portainer = false
 nexus = false
 minio = false
@@ -38,6 +41,8 @@ local-vault = false
 reloader = false
 knative = false
 ydb = false
+kubeapps = false
+cilium = false
 
 local-oci-repo = false
 local-oci-repoparam = {
@@ -49,7 +54,6 @@ local-oci-repoparam = {
 }
 
 local-portainer = false
-kubeapps = false
 
 # vault k8s pure
 vault-k8s-tls = false
diff --git a/values/cilium.yaml b/values/cilium.yaml
new file mode 100644
index 0000000..c1f4af0
--- /dev/null
+++ b/values/cilium.yaml
@@ -0,0 +1,21 @@
+kubeProxyReplacement: strict
+k8sServiceHost: cluster-workshop-control-plane
+k8sServicePort: 6443
+hostServices:
+  enabled: false
+externalIPs:
+  enabled: true
+nodePort:
+  enabled: true
+hostPort:
+  enabled: true
+image:
+  pullPolicy: IfNotPresent
+ipam:
+  mode: kubernetes
+hubble:
+  enabled: true
+  relay:
+    enabled: true
+  ui:
+    enabled: true
\ No newline at end of file
diff --git a/vars.tf b/vars.tf
index 2726678..710aa8e 100644
--- a/vars.tf
+++ b/vars.tf
@@ -32,11 +32,26 @@ variable "kind_local_domain" {
   default = "kind.local"
 }
 
+variable "kind_cluster_name" { 
+  type = string
+  default = "kind"
+}
+
+variable "minikube_name" { 
+  type = string
+  default = "kind"
+}
+
 variable "minikube" {
   type = bool
   default = false
 }
 
+variable "kind" {
+  type = bool
+  default = false
+}
+
 variable "portainer" {
   type = bool
   default = false
@@ -202,6 +217,11 @@ variable "knative" {
   default = false
 }
 
+variable "cilium" {
+  type = bool
+  default = false
+}
+
 variable "vault-k8s-vaultparam" {
   type = object({
     nodes     = optional(number, 3)