IaC Bazaar
Civo · Static-verified

Civo Kubernetes Cluster

Fast-launch k3s cluster with node pools, firewall rules, and network.

terraform · Alt & Specialty Clouds · #civo


civo-k3s-cluster · terraform v1.7

Verification

Static-verified

Passed: validated and lint-clean (provider-schema-validated for AWS/Azure/GCP; Terraform-language lint elsewhere).

Conformance

  • Static validation (fmt · validate · tflint)
  • No applicable security policies for this provider
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live test pending (no cloud run yet)

Last verified 2026-06-28

Documentation

civo-k3s-cluster

Status: static-validated, live-test pending. This module ships under live-test quarantine — it passes tofu fmt, tofu validate, and tflint, but the real apply → verify → destroy gate is deferred until a Civo cloud sandbox account is wired into the live-test lane. Treat the secure defaults as reviewed, the cloud behavior as not yet proven end-to-end.

Fast-launch Civo Kubernetes (k3s) cluster on a dedicated private network behind a deny-by-default firewall, with a required built-in node pool plus optional standalone pools. Civo clusters boot in roughly 90 seconds, making this the fastest live-test k8s lane in the catalog. Works with Terraform and OpenTofu (>= 1.6), Civo provider >= 1.0, < 2.0.

Design / secure defaults

  • Dedicated private network (civo_network) per cluster instead of the Civo default network — clean blast-radius isolation.
  • Deny-by-default firewall. The civo_firewall is created with create_default_rules = false, so nothing inbound is permitted until you list CIDRs. The Kubernetes API (tcp/6443) opens only for api_allowed_cidrs; an empty list (the default) leaves the API unreachable rather than world-open. Web ports (80/443) open only for ingress_allowed_cidrs. Egress is allowed so nodes can pull images and reach the control plane.
  • One required inline pool + standalone extras. Civo mandates exactly one inline pools block on the cluster resource; this module exposes it as default_pool and adds further pools as independent civo_kubernetes_node_pool resources so you can churn capacity without recreating the cluster.
  • CNI choice. flannel by default; set cni = "cilium" to get NetworkPolicy enforcement.
  • Kubeconfig is a sensitive output and never printed in plan/apply logs.
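
A pre-apply check for the deny-by-default firewall described above, as an added example (not the module's or IaC Bazaar's code): it walks `tofu show -json` plan output and flags any civo_firewall that keeps the default rules or opens tcp/6443 to a /0 CIDR. The sample plan is constructed, and the ingress_rule attribute names (protocol, port_range, cidr, action) are assumed from the Civo provider schema.

```python
import ipaddress

API_PORT = 6443

# Constructed sample shaped like `tofu show -json plan.out` (not real output).
# Assumed civo_firewall attribute names: ingress_rule, protocol, port_range,
# cidr, action. Confirm them against the provider version you pin.
def fw(address, default_rules, cidrs):
    rule = {"protocol": "tcp", "port_range": "6443", "cidr": cidrs, "action": "allow"}
    return {"address": address, "type": "civo_firewall",
            "values": {"create_default_rules": default_rules, "ingress_rule": [rule]}}

SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [fw("civo_firewall.legacy", True, ["0.0.0.0/0"])],
    "child_modules": [{"resources": [
        fw("module.k3s.civo_firewall.this", False, ["203.0.113.10/32"])]}],
}}}

def iter_resources(module):
    """Yield every planned resource, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def covers_port(port_range, port):
    """True if "6443" or a span such as "6000-7000" includes port."""
    if not port_range:
        return False
    lo, _, hi = str(port_range).partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_firewalls(plan):
    """Return (address, problem) pairs for firewalls that are not deny-by-default."""
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        if res.get("type") != "civo_firewall":
            continue
        vals = res.get("values", {})
        if vals.get("create_default_rules") is not False:
            findings.append((res["address"], "create_default_rules is not false"))
        for rule in vals.get("ingress_rule") or []:
            if (rule.get("action") != "allow" or rule.get("protocol") != "tcp"
                    or not covers_port(rule.get("port_range"), API_PORT)):
                continue
            for cidr in rule.get("cidr") or []:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((res["address"], f"tcp/{API_PORT} open to {cidr}"))
    return findings
```

Feed it the parsed JSON from your own plan file in place of SAMPLE_PLAN and fail the pipeline when the returned list is non-empty.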

Requirements

  • Terraform or OpenTofu >= 1.6
  • civo/civo provider >= 1.0, < 2.0
  • Civo mandates exactly one inline pool — default_pool is always created. Use extra_node_pools for pools you expect to add/remove.
  • kubernetes_version upgrades recycle nodes.

Verification

Static-validated (tofu fmt, tofu validate, tflint). Live apply/destroy testing pending Civo sandbox availability — see catalog status.

License

Commercial — LicenseRef-IaCBazaar-Commercial.

Usage code & full reference unlock after purchase

The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
