Provision Longbridge as code
Declare clusters, Networks, and tokens with the Longbridge Terraform and OpenTofu provider — one provider across the whole platform, authenticated by a Console API token.
The Longbridge provider lets you declare and reconcile your Longbridge
resources — a Control Plane cluster, a Mesh Network, the tokens that go with them
— from version-controlled configuration, on either Terraform or OpenTofu.
One provider spans the whole platform; resource types are product-prefixed, so
longbridge_control_plane_cluster and longbridge_mesh_network sit side by side
in the same configuration.
Beta. The provider is published and usable, but resource coverage is still growing and some attributes may change before 1.0. Pin a version.
Install
Add the provider to your configuration and run terraform init (or tofu init).
terraform {
required_providers {
longbridge = {
source = "longbridgehq/longbridge"
version = "~> 0.1"
}
}
}
provider "longbridge" {
# Reads LONGBRIDGE_API_TOKEN from the environment by default.
}
Authenticate
The provider talks to the Console API and authenticates with a Console API token — the same tokens you manage under Account & billing. Create one scoped to the Org you want to manage, and export it:
export LONGBRIDGE_API_TOKEN="lb_tok_…"
Never commit the token. In CI, supply it as a secret environment variable.
A first resource
resource "longbridge_control_plane_cluster" "app" {
name = "app-prod"
tier = "small"
}
# The kubeconfig is an ephemeral resource — re-fetched each run, never persisted
# to state. Feed it straight into the kubernetes/helm providers.
Run terraform plan to preview, then terraform apply to create the cluster.
Where the full reference lives
Every resource, data source, and argument is documented on the registries — generated straight from the provider schema, versioned with each release:
- Terraform Registry → the
longbridgehq/longbridgeprovider - OpenTofu Registry → the same provider on OpenTofu
These docs — here — cover the narrative: how to install, authenticate, model your infrastructure, and handle state and secrets safely. The registries are the canonical per-resource reference.
Handle state and secrets safely
- Kubeconfigs and join tokens are ephemeral or write-only — they’re minted on demand and never linger in plan output.
- Encrypt your state. Longbridge resources can carry sensitive values; use OpenTofu’s native state encryption or your backend’s encryption, and treat the state file as a secret regardless.
Next
- Account & billing — create the API token this provider needs.
- Control Plane — the concepts behind the resources you’re declaring.