terraform update2

This commit is contained in:
Christian 2022-03-17 13:09:48 +01:00
parent 5c73779a4a
commit cf7fffab77
15 changed files with 440 additions and 0 deletions


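--- /dev/null
+++ b/<file-1-path-not-shown>
@@ -0,0 +1,15 @@
+resource "kubernetes_secret" "cloudflare_api_key_secret" {
+depends_on = [kubernetes_namespace.certmanager]
+metadata {
+name = "cloudflare-api-key-secret"
+namespace = "certmanager"
+}
+data = {
+api-key = var.cloudflare_api_key
+}
+type = "Opaque"
+}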
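Review bot: The `data` block line `api-key = var.cloudflare_api_key` writes the key into a Kubernetes Secret whose value is also recorded in plain text in the Terraform state, so the state backend needs the same protection as the key itself. Cloudflare's global API key grants full account access; cert-manager's Cloudflare solver also accepts a scoped API token via `apiTokenSecretRef` (DNS edit permission on the single zone), which would let this secret carry a limited token instead of the account-wide key. The variable feeding it is not marked `sensitive`, so the value can surface in plan output as well; a comment on the `data` block stating that this value is cluster-wide-sensitive would help the next maintainer.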


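--- /dev/null
+++ b/<file-2-path-not-shown>
@@ -0,0 +1,31 @@
+resource "kubectl_manifest" "cloudflare_prod" {
+depends_on = [time_sleep.wait_for_certmanager]
+yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: cloudflare-prod
+spec:
+acme:
+email: your-mail-address
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: cloudflare-prod-account-key
+solvers:
+- dns01:
+cloudflare:
+email: your-mail-address
+apiKeySecretRef:
+name: cloudflare-api-key-secret
+key: api-key
+YAML
+}
+resource "time_sleep" "wait_for_clusterissuer" {
+depends_on = [kubectl_manifest.cloudflare_prod]
+create_duration = "30s"
+}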
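Review bot: The ClusterIssuer hard-codes the placeholder `email: your-mail-address` twice inside `yaml_body` even though `var.cloudflare_email` is declared in this commit; `email: ${var.cloudflare_email}` in the heredoc would keep the ACME account and the DNS solver in step and avoid shipping the placeholder. `depends_on` lists only `time_sleep.wait_for_certmanager`, not `kubernetes_secret.cloudflare_api_key_secret`, so the issuer can be applied before the secret it references exists; cert-manager will retry, but adding the secret to `depends_on` makes the ordering explicit instead of relying on that. The fixed 30s `time_sleep` is a timing guess rather than a readiness check and deserves a comment saying what it is waiting for.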


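--- /dev/null
+++ b/<file-3-path-not-shown>
@@ -0,0 +1,32 @@
+resource "kubernetes_namespace" "certmanager" {
+depends_on = [time_sleep.wait_for_kubernetes]
+metadata {
+name = "certmanager"
+}
+}
+resource "helm_release" "certmanager" {
+depends_on = [kubernetes_namespace.certmanager]
+name = "certmanager"
+namespace = "certmanager"
+repository = "https://charts.jetstack.io"
+chart = "cert-manager"
+# Install Kubernetes CRDs
+set {
+name = "installCRDs"
+value = "true"
+}
+}
+resource "time_sleep" "wait_for_certmanager" {
+depends_on = [helm_release.certmanager]
+create_duration = "10s"
+}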
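Review bot: `helm_release.certmanager` pins no `version`, so every fresh `apply` installs whatever the newest cert-manager chart on charts.jetstack.io is at that moment, while the providers in this commit are pinned exactly; a `version = "<chart version>"` line under `chart` would make the install reproducible and make chart upgrades visible in review. With `installCRDs = "true"` the CRDs are owned by the release, and the chart documents that uninstalling it then removes the CRDs together with every Certificate and ClusterIssuer object; the `# Install Kubernetes CRDs` comment should say so, since a casual `destroy` of this one resource wipes the issuer config. The 10s `time_sleep` that follows is an assumption about webhook readiness and should be commented as such.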


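--- /dev/null
+++ b/<file-4-path-not-shown>
@@ -0,0 +1,14 @@
+resource "civo_kubernetes_cluster" "k8s_demo_1" {
+name = "k8s_demo_1"
+applications = ""
+num_target_nodes = 2
+target_nodes_size = element(data.civo_size.xsmall.sizes, 0).name
+firewall_id = civo_firewall.fw_demo_1.id
+}
+resource "time_sleep" "wait_for_kubernetes" {
+depends_on = [civo_kubernetes_cluster.k8s_demo_1]
+create_duration = "20s"
+}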
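Review bot: `civo_kubernetes_cluster.k8s_demo_1` does not set a Kubernetes version, so a re-create picks whatever the provider default is on that day; if the pinned civo provider supports a `kubernetes_version` argument, setting it keeps the cluster reproducible alongside the pinned providers. `applications = ""` presumably opts out of Civo's default marketplace apps because Traefik and cert-manager are installed via Helm elsewhere in this commit — a one-line comment saying so would stop a future reader from "fixing" it. The 20s `time_sleep` is a guess at API-server readiness rather than a check and should be commented as such.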


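--- /dev/null
+++ b/<file-5-path-not-shown>
@@ -0,0 +1,42 @@
+resource "civo_firewall" "fw_demo_1" {
+name = "fw_demo_1"
+# (optional) Don't create Default Firewall rules [default = true]
+create_default_rules = false
+# (optnal) Specify network ID
+# network_id =
+}
+resource "civo_firewall_rule" "kubernetes_api_server" {
+firewall_id = civo_firewall.fw_demo_1.id
+protocol = "tcp"
+start_port = "6443"
+end_port = "6443"
+cidr = ["0.0.0.0/0"]
+direction = "ingress"
+action = "allow"
+label = "kubernetes_api_server"
+}
+resource "civo_firewall_rule" "kubernetes_http" {
+firewall_id = civo_firewall.fw_demo_1.id
+protocol = "tcp"
+start_port = "80"
+end_port = "80"
+cidr = ["0.0.0.0/0"]
+direction = "ingress"
+action = "allow"
+label = "kubernetes_http"
+}
+resource "civo_firewall_rule" "kubernetes_https" {
+firewall_id = civo_firewall.fw_demo_1.id
+protocol = "tcp"
+start_port = "443"
+end_port = "443"
+cidr = ["0.0.0.0/0"]
+direction = "ingress"
+action = "allow"
+label = "kubernetes_https"
+}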
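Review bot: `civo_firewall_rule.kubernetes_api_server` opens port 6443 with `cidr = ["0.0.0.0/0"]`, which exposes the Kubernetes API server to the entire internet even though only the operator's workstation and the machine running Terraform need to reach it. The 80/443 rules legitimately stay world-open for Traefik, but the API-server rule should take its range from a variable, e.g. `cidr = var.admin_cidrs` with a `variable "admin_cidrs" { type = list(string) }` declared next to the credential variables, so the default is not "everyone". With `create_default_rules = false` the firewall carries only these three ingress rules; a comment should state whether that is intended to leave egress at the provider's default. The comment `# (optnal) Specify network ID` has a typo (`optional`).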


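--- /dev/null
+++ b/<file-6-path-not-shown>
@@ -0,0 +1,10 @@
+data civo_loadbalancer "traefik_lb" {
+depends_on = [helm_release.traefik]
+name = "k8s_demo_1-traefik-traefik"
+}
+output "civo_loadbalancer_output" {
+value = data.civo_loadbalancer.traefik_lb.public_ip
+}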
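Review bot: The header `data civo_loadbalancer "traefik_lb"` leaves the type label unquoted, unlike every other block in this commit; `data "civo_loadbalancer" "traefik_lb"` is what `terraform fmt` produces and avoids depending on identifier-style labels. `name = "k8s_demo_1-traefik-traefik"` is a hand-assembled string that silently stops matching if the cluster or release name changes; `name = "${civo_kubernetes_cluster.k8s_demo_1.name}-traefik-traefik"` would derive it from the cluster resource. The load balancer is created asynchronously by the Traefik Service, so `depends_on = [helm_release.traefik]` may not guarantee it exists when this data source is read — if this has been observed to work, a comment saying so would help; otherwise a retry or delay is needed here too.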


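--- /dev/null
+++ b/<file-7-path-not-shown>
@@ -0,0 +1,38 @@
+data "civo_size" "xsmall" {
+filter {
+key = "type"
+values = ["kubernetes"]
+}
+filter {
+key = "name"
+values = ["g4s.kube.xsmall"]
+match_by = "re"
+}
+}
+data "civo_size" "small" {
+filter {
+key = "type"
+values = ["kubernetes"]
+}
+filter {
+key = "name"
+values = ["g4s.kube.small"]
+match_by = "re"
+}
+}
+data "civo_size" "medium" {
+filter {
+key = "type"
+values = ["kubernetes"]
+}
+filter {
+key = "name"
+values = ["g4s.kube.medium"]
+match_by = "re"
+}
+}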
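Review bot: Each name `filter` uses `match_by = "re"` with a pattern such as `"g4s.kube.xsmall"`, where the dots are regex wildcards and the pattern is unanchored, so any size whose name contains that sequence matches and the caller's `element(..., 0)` picks the first hit in whatever order the API returns them. Either anchor and escape the pattern (`values = ["^g4s\\.kube\\.xsmall$"]`) or drop `match_by = "re"` if the provider's default is an exact match. Only `data.civo_size.xsmall` is referenced in this commit; `small` and `medium` are unused and should carry a comment stating they are kept for switching node size, or be removed.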


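--- /dev/null
+++ b/<file-8-path-not-shown>
@@ -0,0 +1,15 @@
+# Declare Variables for Credentials
+variable "cloudflare_email" {
+description = "The email address for your Cloudflare account"
+type = string
+}
+variable "cloudflare_api_key" {
+description = "The API key for your Cloudflare account"
+type = string
+}
+variable "civo_token" {
+description = "Civo API Token"
+type = string
+}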
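Review bot: `cloudflare_api_key` and `civo_token` are credentials but carry no `sensitive = true`, so their values can appear verbatim in `plan`/`apply` output and in CI logs; adding `sensitive = true` to both blocks redacts them (this needs Terraform 0.14+, so the `required_version = ">= 0.13.0"` in the providers file would have to be raised to match). `cloudflare_email` is declared here but the ClusterIssuer in this commit hard-codes a placeholder address instead of referencing it, so either the variable is unused for that purpose or the manifest should interpolate it.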


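--- /dev/null
+++ b/<file-9-path-not-shown>
@@ -0,0 +1,138 @@
+resource "cloudflare_record" "clcreative-main-cluster" {
+zone_id = "your-zone-id"
+name = "nginx1.your-domain"
+value = data.civo_loadbalancer.traefik_lb.public_ip
+type = "A"
+proxied = false
+}
+resource "kubernetes_namespace" "nginx1" {
+depends_on = [time_sleep.wait_for_kubernetes]
+metadata {
+name = "nginx1"
+}
+}
+resource "kubernetes_deployment" "nginx1" {
+depends_on = [kubernetes_namespace.nginx1]
+metadata {
+name = "nginx1"
+namespace = "nginx1"
+labels = {
+app = "nginx1"
+}
+}
+spec {
+replicas = 1
+selector {
+match_labels = {
+app = "nginx1"
+}
+}
+template {
+metadata {
+labels = {
+app = "nginx1"
+}
+}
+spec {
+container {
+image = "nginx:latest"
+name = "nginx"
+port {
+container_port = 80
+}
+}
+}
+}
+}
+}
+resource "kubernetes_service" "nginx1" {
+depends_on = [kubernetes_namespace.nginx1]
+metadata {
+name = "nginx1"
+namespace = "nginx1"
+}
+spec {
+selector = {
+app = "nginx1"
+}
+port {
+port = 80
+}
+type = "ClusterIP"
+}
+}
+resource "kubectl_manifest" "nginx1-certificate" {
+depends_on = [kubernetes_namespace.nginx1, time_sleep.wait_for_clusterissuer]
+yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: nginx1
+namespace: nginx1
+spec:
+secretName: nginx1
+issuerRef:
+name: cloudflare-prod
+kind: ClusterIssuer
+dnsNames:
+- 'nginx1.your-domain'
+YAML
+}
+resource "kubernetes_ingress_v1" "nginx1" {
+depends_on = [kubernetes_namespace.nginx1]
+metadata {
+name = "nginx1"
+namespace = "nginx1"
+}
+spec {
+rule {
+host = "nginx1.your-domain"
+http {
+path {
+path = "/"
+backend {
+service {
+name = "nginx1"
+port {
+number = 80
+}
+}
+}
+}
+}
+}
+tls {
+secret_name = "nginx1"
+hosts = ["nginx1.your-domain"]
+}
+}
+}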
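Review bot: `zone_id = "your-zone-id"` and the hostname `nginx1.your-domain` are placeholders hard-coded in four places (the `cloudflare_record`, the Certificate `dnsNames`, the Ingress `host` and its `tls.hosts`), so a real deployment edits the same string repeatedly and one miss leaves the DNS record, certificate and ingress disagreeing; a `variable "domain"` and `variable "cloudflare_zone_id"`, with `locals { nginx1_host = "nginx1.${var.domain}" }` used in all four spots, would make them agree by construction. `image = "nginx:latest"` is an unpinned tag, so each pod restart may pull a different image — pin a tag (ideally with a digest) so what runs is what was reviewed. `kubernetes_ingress_v1.nginx1` depends only on the namespace, not on `kubectl_manifest.nginx1-certificate`, so the `tls.secret_name` may not exist when the ingress is applied; presumably Traefik serves its default certificate until cert-manager populates it, which should be stated in a comment or fixed by adding the certificate to `depends_on`.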


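--- /dev/null
+++ b/<file-10-path-not-shown>
@@ -0,0 +1,62 @@
+terraform {
+required_version = ">= 0.13.0"
+required_providers {
+cloudflare = {
+source = "cloudflare/cloudflare"
+version = "~> 3.0"
+}
+civo = {
+source = "civo/civo"
+version = "~> 1.0.13"
+}
+kubernetes = {
+source = "hashicorp/kubernetes"
+version = "2.8.0"
+}
+helm = {
+source = "hashicorp/helm"
+version = "2.4.1"
+}
+kubectl = {
+source = "gavinbunney/kubectl"
+version = "1.13.1"
+}
+}
+}
+provider "civo" {
+token = var.civo_token
+# (Optional) switch datacenter region
+# region = "FRA1"
+}
+provider "cloudflare" {
+email = var.cloudflare_email
+api_key = var.cloudflare_api_key
+}
+provider "kubernetes" {
+host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+}
+provider "helm" {
+kubernetes {
+host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+}
+}
+provider "kubectl" {
+host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+load_config_file = false
+}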
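Review bot: `provider "cloudflare"` authenticates with `email` plus the global `api_key`, which has full account access; the 3.x provider also accepts `api_token`, so a token scoped to DNS edit on the one zone limits the damage if the state file or a CI log leaks it. The kubeconfig is decoded twelve times across the three providers, wrapped in the legacy `"${...}"` form that Terraform 0.12+ flags as redundant; a `locals` block holding the decoded kubeconfig and the four derived values lets the providers share one definition, as sketched below. These attributes also place the cluster's client certificate and key in the state file, so the state backend must be handled as holding cluster-admin credentials.

```hcl
locals {
  kubeconfig      = yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig)
  k8s_host        = local.kubeconfig.clusters.0.cluster.server
  k8s_client_cert = base64decode(local.kubeconfig.users.0.user.client-certificate-data)
  k8s_client_key  = base64decode(local.kubeconfig.users.0.user.client-key-data)
  k8s_ca_cert     = base64decode(local.kubeconfig.clusters.0.cluster.certificate-authority-data)
}

provider "kubernetes" {
  host                   = local.k8s_host
  client_certificate     = local.k8s_client_cert
  client_key             = local.k8s_client_key
  cluster_ca_certificate = local.k8s_ca_cert
}
# … unchanged: helm and kubectl providers take the same four locals …
```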


@ -0,0 +1,43 @@
resource "kubernetes_namespace" "traefik" {
depends_on = [time_sleep.wait_for_kubernetes]
metadata {
name = "traefik"
}
}
resource "helm_release" "traefik" {
depends_on = [kubernetes_namespace.traefik]
name = "traefik"
namespace = "traefik"
repository = "https://helm.traefik.io/traefik"
chart = "traefik"
# Set Traefik as the Default Ingress Controller
set {
name = "ingressClass.enabled"
value = "true"
}
set {
name = "ingressClass.isDefaultClass"
value = "true"
}
# Default Redirect
set {
name = "ports.web.redirectTo"
value = "websecure"
}
# Enable TLS on Websecure
set {
name = "ports.websecure.tls.enabled"
value = "true"
}
}